CVE-2022-34568Use After Free in Simple Directmedia Layer

CWE-416Use After FreeCWE-401Missing Release of Memory after Effective Lifetime6 documents6 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 75.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Libsdl Simple Directmedia Layer
Timeline
PublishedJul 28
Latest updateAug 29

Description

SDL v1.2 was discovered to contain a use-after-free via the XFree function at /src/video/x11/SDL_x11yuv.c.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDlibsdl/simple_directmedia_layer1.2.11.2.15

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-wr7h-5wm3-p3h4: SDL v12022-07-29
OSV
CVE-2022-34568: SDL v12022-07-28
CVEList
CVE-2022-34568: SDL v12022-07-28

📋Vendor Advisories

2
Ubuntu
SDL vulnerability2022-08-29
Debian
CVE-2022-34568: libsdl1.2 - SDL v1.2 was discovered to contain a use-after-free via the XFree function at /s...2022
CVE-2022-34568 — Use After Free | cvebase