CVE-2020-14410 — Out-of-bounds Read in Simple Directmedia Layer

CWE-125 — Out-of-bounds Read8 documents8 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 62.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libsdl Simple Directmedia Layer Debian Linux Fedoraproject Fedora

Timeline

PublishedJan 19

Latest updateMay 24

Description

SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:LExploitability: 2.8 | Impact: 2.5

Affected Packages1 packages

▶NVDlibsdl/simple_directmedia_layer2.0.12 — 2.0.20

Also affects: Debian Linux 9.0, Fedora 33

Patches

Patch: hg.libsdl.org ↗Patch: hg.libsdl.org ↗

🔴Vulnerability Details

GHSA

GHSA-vw4m-8vvh-crhf: SDL (Simple DirectMedia Layer) through 2↗2022-05-24

▶

CVEList

CVE-2020-14410: SDL (Simple DirectMedia Layer) through 2↗2021-01-19

▶

OSV

CVE-2020-14410: SDL (Simple DirectMedia Layer) through 2↗2021-01-19

▶

📋Vendor Advisories

Ubuntu

Simple DirectMedia Layer vulnerabilities↗2022-02-07

▶

Red Hat

SDL2: Heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file↗2021-01-19

▶

Debian

CVE-2020-14410: libsdl1.2 - SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read ...↗2020

▶

💬Community

Bugzilla

CVE-2018-7418 wireshark: SIGCOMP dissector crash in packet-sigcomp.c↗2018-02-26

▶