Lucene search

K
ubuntucveUbuntu.comUB:CVE-2020-14410
HistoryJan 19, 2021 - 12:00 a.m.

CVE-2020-14410

2021-01-1900:00:00
ubuntu.com
ubuntu.com
14

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

70.6%

SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer
over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a
crafted .BMP file.

Bugs

Notes

Author Note
mdeslaur same commit as CVE-2020-14409 for libsdl1.2, this was fixed by CVE-2019-7637
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlibsdl2< 2.0.8+dfsg1-1ubuntu1.18.04.4+esm1UNKNOWN
ubuntu20.04noarchlibsdl2< 2.0.10+dfsg1-3ubuntu0.1~esm1UNKNOWN

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

70.6%