26 matches found
CVE-2019-13616
CVE-2019-13616 affects SDL up to 1.2.15 and 2.x up to 2.0.9, with a heap-based buffer over-read in BlitNtoN (video/SDL_blit_N.c) invoked via SDL_SoftBlit (video/SDL_blit.c). Several connected advisories confirm the root issue is in SDL’s handling of image data (notably BMP loading) or surface cop...
CVE-2019-7638
CVE-2019-7638 is a heap-based buffer over-read in Map1toN (video/SDL_pixels.c) that affects SDL 1.2.15 and 2.x up to 2.0.9. Multiple connected advisories document this CVE among a set of SDL vulnerabilities, with reports indicating potential arbitrary code execution upon processing crafted media....
CVE-2019-7572
SDL (Simple DirectMedia Layer) up to versions 1.2.15 and 2.x up to 2.0.9 has a buffer over-read in IMA_ADPCM_nibble (audio/SDL_wave.c), with additional related issues (e.g., heap-based over-reads/overflows in MS_ADPCM_decode, InitMS_ADPCM, InitIMA_ADPCM, and other SDL components) cited across mul...
CVE-2019-7575
CVE-2019-7575 affects SDL (SDL 1.2.15 and 2.x up to 2.0.9). It is a heap-based buffer overflow in MS_ADPCM_decode within audio/SDL_wave.c. Exploitation could allow arbitrary code execution or crash when processing crafted audio data, as reflected in multiple advisories (Arch Linux, AlmaLinux, Deb...
CVE-2019-7636
SDL (Simple DirectMedia Layer) is affected by CVE-2019-7636 across SDL 1.2.15 and SDL 2.x up to 2.0.9, due to a heap-based buffer over-read in SDL_GetRGB located in video/SDL_pixels.c. The connected advisories describe broader SDL issues (multiple CVEs in audio and video paths) and indicate an at...
CVE-2019-7574
CVE-2019-7574 affects SDL (libsdl1.2 and libsdl2) up to SDL 1.2.15 and 2.x up to 2.0.9, caused by a heap-based buffer over-read in IMA_ADPCM_decode inside audio/SDL_wave.c. Multiple vendor advisories (Arch Linux ASA-201908-5, Debian DLA entries, AlmaLinux ALAS2-2020-1500, CentOS/CESA notes) docum...
CVE-2019-7577
CVE-2019-7577 affects SDL: a buffer over-read in audio/SDL_wave.c (SDL_LoadWAV_RW) linked to SDL 1.2.15 and 2.x up to 2.0.9. Connected advisories confirm multiple SDL-related CVEs with similar memory issues (buffer over-reads/overflows) across libsdl1.2/libsdl2 and SDL components, risking arbitra...
CVE-2019-7635
CVE-2019-7635 affects SDL (SDL1.2 up to 1.2.15 and SDL2 up to 2.0.9) with a heap-based buffer over-read in Blit1to4 (video/SDL_blit_1.c). Multiple connected sources (Arch/ALMA/CentOS/Debian advisories) describe this alongside related CVEs in audio/video paths (e.g., IMA_ADPCM and MS_ADPCM in audi...
CVE-2019-7637
CVE-2019-7637: SDL_FillRect in video/SDL_surface.c suffers a heap-based buffer overflow. Affected: SDL 1.2.x up to 1.2.15 and SDL 2.x up to 2.0.9. Impact, as described in multiple advisories, includes potential arbitrary code execution when processing crafted image/video/audio inputs. Connected a...
CVE-2019-7578
CVE-2019-7578 (InitIMA_ADPCM in SDL_wave.c) affects SDL 1.2.15 and 2.x up to 2.0.9, causing a heap-based buffer over-read. The connected advisories indicate potential for arbitrary code execution in some contexts (notably Arch Linux and AlmaLinux descriptions). Public fixes are available via vend...
CVE-2019-7576
SDL (libsdl1.2/SDL2) up to affected 1.2.x/2.x versions has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop). Exploitation can enable arbitrary code execution via crafted media files. Upgrades to SDL2 2.0.10+ and SDL 1.2.15-13+/libsdl1.2 1.2.15-13+ are ...
CVE-2019-7573
CVE-2019-7573 affects SDL (1.2.15 and 2.x up to 2.0.9). The vulnerability is a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (within the wNumCoef loop). Exploitation could allow arbitrary code execution on affected hosts. Remediation is to upgrade SDL to a fixed release (SDL 1.2...
CVE-2021-33657
CVE-2021-33657 (SDL2) affects SDL2 up to version 2.0.18, with a heap overflow in video/SDL_pixels.c when processing a crafted BMP file. This can crash the application, cause denial of service, or lead to code execution. Exploitation is described via malformed BMP input; several advisories note pa...
CVE-2019-14906
CVE-2019-14906 is a confirmed SDL vulnerability affecting SDL 1.2.15 and 2.x up to 2.0.9. The issue is a heap-based buffer overflow when copying an existing surface into a new optimized one due to insufficient validation while loading BMP images (SDL_LoadBMP_RW), enabling potential code execution...
CVE-2019-12217
CVE-2019-12217 is a NULL pointer dereference in the SDL stdio_read function when SDL2_image 2.0.4 is used with SDL 2.0.9 (libSDL2.a). Multiple connected advisories confirm this issue across distributions (openSUSE openSUSE-2019-2070, Fedora SDL2_image updates, Ubuntu USN-4238-1, Mageia advisories...
CVE-2019-12221
The CVE-2019-12221 entry corresponds to a NULL/SEGV issue in SDL_free_REAL inside SDL with SDL2_image 2.0.4 (SDL 2.0.9) when used together, as described in the initial document. Connected documents confirm this vulnerability is addressed by SDL2_image updates to 2.0.5 (and corresponding SDL relea...
CVE-2019-12222
CVE-2019-12222 affects SDL 2.0.9 (libSDL2.a) with an out-of-bounds read in SDL_InvalidateMap (video/SDL_pixels.c). Connected documents consistently indicate remediation via SDL 2.0.10 (and related SDL2_image updates) and list this CVE among several SDL-related issues that were fixed in newer rele...
CVE-2019-12218
CVE-2019-12218 concerns a NULL pointer dereference in the SDL2_image component (IMG_LoadPCX_RW in IMG_pcx.c) when SDL2_image 2.0.4 is used with SDL 2.0.9 libSDL2.a. Documented in multiple advisories and openSUSE/Fedora/Mageia entries; impact is a crash/denial of service potential rather than expl...
CVE-2017-2888
SDL2 versions affected: SDL 2.0.x with vulnerable code path when creating a new RGB Surface (notably in 2.0.5). Root cause: integer overflow during surface allocation due to crafted image input, leading to too little memory allocation, a subsequent buffer overflow, and potential code execution. P...
CVE-2019-12220
CVE-2019-12220 affects libSDL2.a in SDL 2.0.9 when used with SDL2_image 2.0.4. There is an out-of-bounds read in SDL_FreePalette_REAL (video/SDL_pixels.c). Documented impact is an out-of-bounds read; CVSS data from NVD shows a MEDIUM base severity (6.5 CVSS3) with HIGH availability impact, but ex...
CVE-2020-14409
CVE-2020-14409 affects SDL2 up to version 2.0.12. The vulnerability is an Integer Overflow in SDL_BlitCopy (video/SDL_blit_copy.c) triggered by processing a crafted BMP file, causing SDL_memcpy heap corruption and potential instability. Connected advisories (SUSE, Debian, Ubuntu) reference this C...
CVE-2020-14410
CVE-2020-14410 is the SDL/libSDL2 vulnerability described in multiple advisories (notably SUSE/DebianUbuntu/Nessus feeds) for SDL2
CVE-2019-12219
CVE-2019-12219 concerns an invalid free error in SDL_SetError_REAL in the SDL_error.c path when libSDL2.a SDL 2.0.9 is used with SDL2_image 2.0.4. Multiple vendor advisories (e.g., Fedora/Mageia/Debian) reference SDL2_image updates (e.g., to 2.0.5 and beyond) as remediation, indicating the issue ...
CVE-2022-34568
CVE-2022-34568 affects SDL 1.2 with a use-after-free in the XFree path (src/video/x11/SDL_x11yuv.c). Exploitation could crash the application; impact includes availability (per CVSS: HIGH) with network access and no user interaction required. Connected advisories corroborate SDL vulnerabilities i...
CVE-2022-4743
CVE-2022-4743 – SDL2 memory leak in GLES_CreateTexture() (SDL_render_gles.c) Affects SDL2 2.0.4 and later; can lead to denial of service due to memory leak. The issue is documented across multiple advisories and vendor pages (Debian, Astra Linux, Amazon Linux 2, Gentoo GLSA, etc.). Remediation ob...
CVE-2019-12216
CVE-2019-12216 affects the SDL ecosystem when using libSDL2.a (SDL 2.0.9) with libSDL2_image.a (SDL2_image 2.0.4). The issue is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW (at IMG_pcx.c). The connected documents list this CVE among SDL_image-related advisories, but do n...