CVE-2021-33657 — Out-of-bounds Write in Simple Directmedia Layer

CWE-787 — Out-of-bounds Write6 documents6 sources

Severity

8.8HIGHNVD

EPSS

0.1%

top 70.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libsdl Simple Directmedia Layer

Timeline

PublishedApr 1

Latest updateApr 28

Description

There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDlibsdl/simple_directmedia_layer2.0.0 — 2.0.18

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-9276-2w6v-wx4c: There is a heap overflow problem in video/SDL_pixels↗2022-04-03

▶

OSV

CVE-2021-33657: There is a heap overflow problem in video/SDL_pixels↗2022-04-01

▶

CVEList

CVE-2021-33657: There is a heap overflow problem in video/SDL_pixels↗2022-04-01

▶

📋Vendor Advisories

Ubuntu

Simple DirectMedia Layer vulnerability↗2022-04-28

▶

Debian

CVE-2021-33657: libsdl1.2 - There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedi...↗2021

▶