Lucene search
K
LibsdlSimple Directmedia Layer

26 matches found

CVE
CVE
added 2019/07/16 12:0 a.m.471 views

CVE-2019-13616

CVE-2019-13616 affects SDL up to 1.2.15 and 2.x up to 2.0.9, with a heap-based buffer over-read in BlitNtoN (video/SDL_blit_N.c) invoked via SDL_SoftBlit (video/SDL_blit.c). Several connected advisories confirm the root issue is in SDL’s handling of image data (notably BMP loading) or surface cop...

8.1CVSS8.5AI score0.03299EPSS
CVE
CVE
added 2019/02/08 12:0 a.m.347 views

CVE-2019-7638

CVE-2019-7638 is a heap-based buffer over-read in Map1toN (video/SDL_pixels.c) that affects SDL 1.2.15 and 2.x up to 2.0.9. Multiple connected advisories document this CVE among a set of SDL vulnerabilities, with reports indicating potential arbitrary code execution upon processing crafted media....

8.8CVSS8.7AI score0.02959EPSS
CVE
CVE
added 2019/02/07 12:0 a.m.259 views

CVE-2019-7572

SDL (Simple DirectMedia Layer) up to versions 1.2.15 and 2.x up to 2.0.9 has a buffer over-read in IMA_ADPCM_nibble (audio/SDL_wave.c), with additional related issues (e.g., heap-based over-reads/overflows in MS_ADPCM_decode, InitMS_ADPCM, InitIMA_ADPCM, and other SDL components) cited across mul...

8.8CVSS8.8AI score0.02806EPSS
CVE
CVE
added 2019/02/07 12:0 a.m.259 views

CVE-2019-7575

CVE-2019-7575 affects SDL (SDL 1.2.15 and 2.x up to 2.0.9). It is a heap-based buffer overflow in MS_ADPCM_decode within audio/SDL_wave.c. Exploitation could allow arbitrary code execution or crash when processing crafted audio data, as reflected in multiple advisories (Arch Linux, AlmaLinux, Deb...

8.8CVSS8.9AI score0.02955EPSS
CVE
CVE
added 2019/02/08 12:0 a.m.258 views

CVE-2019-7636

SDL (Simple DirectMedia Layer) is affected by CVE-2019-7636 across SDL 1.2.15 and SDL 2.x up to 2.0.9, due to a heap-based buffer over-read in SDL_GetRGB located in video/SDL_pixels.c. The connected advisories describe broader SDL issues (multiple CVEs in audio and video paths) and indicate an at...

8.1CVSS8.4AI score0.02879EPSS
CVE
CVE
added 2019/02/07 12:0 a.m.255 views

CVE-2019-7574

CVE-2019-7574 affects SDL (libsdl1.2 and libsdl2) up to SDL 1.2.15 and 2.x up to 2.0.9, caused by a heap-based buffer over-read in IMA_ADPCM_decode inside audio/SDL_wave.c. Multiple vendor advisories (Arch Linux ASA-201908-5, Debian DLA entries, AlmaLinux ALAS2-2020-1500, CentOS/CESA notes) docum...

8.8CVSS8.8AI score0.02806EPSS
CVE
CVE
added 2019/02/07 12:0 a.m.247 views

CVE-2019-7577

CVE-2019-7577 affects SDL: a buffer over-read in audio/SDL_wave.c (SDL_LoadWAV_RW) linked to SDL 1.2.15 and 2.x up to 2.0.9. Connected advisories confirm multiple SDL-related CVEs with similar memory issues (buffer over-reads/overflows) across libsdl1.2/libsdl2 and SDL components, risking arbitra...

8.8CVSS8.8AI score0.02992EPSS
CVE
CVE
added 2019/02/08 12:0 a.m.246 views

CVE-2019-7635

CVE-2019-7635 affects SDL (SDL1.2 up to 1.2.15 and SDL2 up to 2.0.9) with a heap-based buffer over-read in Blit1to4 (video/SDL_blit_1.c). Multiple connected sources (Arch/ALMA/CentOS/Debian advisories) describe this alongside related CVEs in audio/video paths (e.g., IMA_ADPCM and MS_ADPCM in audi...

8.1CVSS8.5AI score0.03299EPSS
CVE
CVE
added 2019/02/08 11:0 a.m.246 views

CVE-2019-7637

CVE-2019-7637: SDL_FillRect in video/SDL_surface.c suffers a heap-based buffer overflow. Affected: SDL 1.2.x up to 1.2.15 and SDL 2.x up to 2.0.9. Impact, as described in multiple advisories, includes potential arbitrary code execution when processing crafted image/video/audio inputs. Connected a...

8.8CVSS8.9AI score0.03112EPSS
CVE
CVE
added 2019/02/07 12:0 a.m.240 views

CVE-2019-7578

CVE-2019-7578 (InitIMA_ADPCM in SDL_wave.c) affects SDL 1.2.15 and 2.x up to 2.0.9, causing a heap-based buffer over-read. The connected advisories indicate potential for arbitrary code execution in some contexts (notably Arch Linux and AlmaLinux descriptions). Public fixes are available via vend...

8.1CVSS8.4AI score0.02911EPSS
CVE
CVE
added 2019/02/07 12:0 a.m.237 views

CVE-2019-7576

SDL (libsdl1.2/SDL2) up to affected 1.2.x/2.x versions has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop). Exploitation can enable arbitrary code execution via crafted media files. Upgrades to SDL2 2.0.10+ and SDL 1.2.15-13+/libsdl1.2 1.2.15-13+ are ...

8.8CVSS8.7AI score0.02946EPSS
CVE
CVE
added 2019/02/07 12:0 a.m.235 views

CVE-2019-7573

CVE-2019-7573 affects SDL (1.2.15 and 2.x up to 2.0.9). The vulnerability is a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (within the wNumCoef loop). Exploitation could allow arbitrary code execution on affected hosts. Remediation is to upgrade SDL to a fixed release (SDL 1.2...

8.8CVSS8.7AI score0.02959EPSS
CVE
CVE
added 2022/04/01 12:0 a.m.217 views

CVE-2021-33657

CVE-2021-33657 (SDL2) affects SDL2 up to version 2.0.18, with a heap overflow in video/SDL_pixels.c when processing a crafted BMP file. This can crash the application, cause denial of service, or lead to code execution. Exploitation is described via malformed BMP input; several advisories note pa...

8.8CVSS8.6AI score0.01986EPSS
CVE
CVE
added 2020/01/07 8:5 p.m.206 views

CVE-2019-14906

CVE-2019-14906 is a confirmed SDL vulnerability affecting SDL 1.2.15 and 2.x up to 2.0.9. The issue is a heap-based buffer overflow when copying an existing surface into a new optimized one due to insufficient validation while loading BMP images (SDL_LoadBMP_RW), enabling potential code execution...

9.8CVSS8.6AI score0.01752EPSS
CVE
CVE
added 2019/05/20 4:32 p.m.190 views

CVE-2019-12217

CVE-2019-12217 is a NULL pointer dereference in the SDL stdio_read function when SDL2_image 2.0.4 is used with SDL 2.0.9 (libSDL2.a). Multiple connected advisories confirm this issue across distributions (openSUSE openSUSE-2019-2070, Fedora SDL2_image updates, Ubuntu USN-4238-1, Mageia advisories...

6.5CVSS7.1AI score0.02269EPSS
CVE
CVE
added 2019/05/20 4:33 p.m.181 views

CVE-2019-12221

The CVE-2019-12221 entry corresponds to a NULL/SEGV issue in SDL_free_REAL inside SDL with SDL2_image 2.0.4 (SDL 2.0.9) when used together, as described in the initial document. Connected documents confirm this vulnerability is addressed by SDL2_image updates to 2.0.5 (and corresponding SDL relea...

6.5CVSS7.1AI score0.01969EPSS
CVE
CVE
added 2019/05/20 4:33 p.m.179 views

CVE-2019-12222

CVE-2019-12222 affects SDL 2.0.9 (libSDL2.a) with an out-of-bounds read in SDL_InvalidateMap (video/SDL_pixels.c). Connected documents consistently indicate remediation via SDL 2.0.10 (and related SDL2_image updates) and list this CVE among several SDL-related issues that were fixed in newer rele...

6.5CVSS7.1AI score0.01931EPSS
CVE
CVE
added 2019/05/20 4:33 p.m.178 views

CVE-2019-12218

CVE-2019-12218 concerns a NULL pointer dereference in the SDL2_image component (IMG_LoadPCX_RW in IMG_pcx.c) when SDL2_image 2.0.4 is used with SDL 2.0.9 libSDL2.a. Documented in multiple advisories and openSUSE/Fedora/Mageia entries; impact is a crash/denial of service potential rather than expl...

6.5CVSS7.1AI score0.01957EPSS
CVE
CVE
added 2017/10/11 6:0 p.m.173 views

CVE-2017-2888

SDL2 versions affected: SDL 2.0.x with vulnerable code path when creating a new RGB Surface (notably in 2.0.5). Root cause: integer overflow during surface allocation due to crafted image input, leading to too little memory allocation, a subsequent buffer overflow, and potential code execution. P...

8.8CVSS8.7AI score0.03072EPSS
CVE
CVE
added 2019/05/20 4:33 p.m.159 views

CVE-2019-12220

CVE-2019-12220 affects libSDL2.a in SDL 2.0.9 when used with SDL2_image 2.0.4. There is an out-of-bounds read in SDL_FreePalette_REAL (video/SDL_pixels.c). Documented impact is an out-of-bounds read; CVSS data from NVD shows a MEDIUM base severity (6.5 CVSS3) with HIGH availability impact, but ex...

6.5CVSS7.1AI score0.0187EPSS
CVE
CVE
added 2021/01/19 12:0 a.m.130 views

CVE-2020-14409

CVE-2020-14409 affects SDL2 up to version 2.0.12. The vulnerability is an Integer Overflow in SDL_BlitCopy (video/SDL_blit_copy.c) triggered by processing a crafted BMP file, causing SDL_memcpy heap corruption and potential instability. Connected advisories (SUSE, Debian, Ubuntu) reference this C...

7.8CVSS7.4AI score0.01311EPSS
CVE
CVE
added 2021/01/19 12:0 a.m.127 views

CVE-2020-14410

CVE-2020-14410 is the SDL/libSDL2 vulnerability described in multiple advisories (notably SUSE/DebianUbuntu/Nessus feeds) for SDL2

5.8CVSS6.1AI score0.01666EPSS
CVE
CVE
added 2019/05/20 4:33 p.m.112 views

CVE-2019-12219

CVE-2019-12219 concerns an invalid free error in SDL_SetError_REAL in the SDL_error.c path when libSDL2.a SDL 2.0.9 is used with SDL2_image 2.0.4. Multiple vendor advisories (e.g., Fedora/Mageia/Debian) reference SDL2_image updates (e.g., to 2.0.5 and beyond) as remediation, indicating the issue ...

8.8CVSS7.2AI score0.02001EPSS
CVE
CVE
added 2022/07/28 12:0 a.m.105 views

CVE-2022-34568

CVE-2022-34568 affects SDL 1.2 with a use-after-free in the XFree path (src/video/x11/SDL_x11yuv.c). Exploitation could crash the application; impact includes availability (per CVSS: HIGH) with network access and no user interaction required. Connected advisories corroborate SDL vulnerabilities i...

7.5CVSS7.5AI score0.00969EPSS
CVE
CVE
added 2023/01/12 12:0 a.m.98 views

CVE-2022-4743

CVE-2022-4743 – SDL2 memory leak in GLES_CreateTexture() (SDL_render_gles.c) Affects SDL2 2.0.4 and later; can lead to denial of service due to memory leak. The issue is documented across multiple advisories and vendor pages (Debian, Astra Linux, Amazon Linux 2, Gentoo GLSA, etc.). Remediation ob...

7.5CVSS7AI score0.01265EPSS
CVE
CVE
added 2019/05/20 4:32 p.m.91 views

CVE-2019-12216

CVE-2019-12216 affects the SDL ecosystem when using libSDL2.a (SDL 2.0.9) with libSDL2_image.a (SDL2_image 2.0.4). The issue is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW (at IMG_pcx.c). The connected documents list this CVE among SDL_image-related advisories, but do n...

6.5CVSS7.4AI score0.0221EPSS