LAYER: meta PACKAGE NAME: nativesdk-libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2017-2888 CVE STATUS: Patched CVE SUMMARY: An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-2888 LAYER: meta PACKAGE NAME: nativesdk-libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-12216 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12216 LAYER: meta PACKAGE NAME: nativesdk-libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-12217 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL stdio_read function in file/SDL_rwops.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12217 LAYER: meta PACKAGE NAME: nativesdk-libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-12218 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12218 LAYER: meta PACKAGE NAME: nativesdk-libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-12219 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an invalid free error in the SDL function SDL_SetError_REAL at SDL_error.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12219 LAYER: meta PACKAGE NAME: nativesdk-libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-12220 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an out-of-bounds read in the SDL function SDL_FreePalette_REAL at video/SDL_pixels.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12220 LAYER: meta PACKAGE NAME: nativesdk-libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-12221 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12221 LAYER: meta PACKAGE NAME: nativesdk-libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-12222 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9. There is an out-of-bounds read in the function SDL_InvalidateMap at video/SDL_pixels.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12222 LAYER: meta PACKAGE NAME: nativesdk-libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-13616 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13616 LAYER: meta PACKAGE NAME: nativesdk-libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-14906 CVE STATUS: Patched CVE SUMMARY: A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14906 LAYER: meta PACKAGE NAME: nativesdk-libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7572 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7572 LAYER: meta PACKAGE NAME: nativesdk-libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7573 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop). CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7573 LAYER: meta PACKAGE NAME: nativesdk-libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7574 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7574 LAYER: meta PACKAGE NAME: nativesdk-libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7575 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7575 LAYER: meta PACKAGE NAME: nativesdk-libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7576 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop). CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7576 LAYER: meta PACKAGE NAME: nativesdk-libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7577 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7577 LAYER: meta PACKAGE NAME: nativesdk-libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7578 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7578 LAYER: meta PACKAGE NAME: nativesdk-libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7635 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7635 LAYER: meta PACKAGE NAME: nativesdk-libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7636 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7636 LAYER: meta PACKAGE NAME: nativesdk-libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7637 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7637 LAYER: meta PACKAGE NAME: nativesdk-libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2019-7638 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7638 LAYER: meta PACKAGE NAME: nativesdk-libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2020-14409 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14409 LAYER: meta PACKAGE NAME: nativesdk-libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2020-14410 CVE STATUS: Patched CVE SUMMARY: SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 5.4 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14410 LAYER: meta PACKAGE NAME: nativesdk-libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2021-33657 CVE STATUS: Patched CVE SUMMARY: There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33657 LAYER: meta PACKAGE NAME: nativesdk-libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2022-34568 CVE STATUS: Patched CVE SUMMARY: SDL v1.2 was discovered to contain a use-after-free via the XFree function at /src/video/x11/SDL_x11yuv.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-34568 LAYER: meta PACKAGE NAME: nativesdk-libsdl2 PACKAGE VERSION: 2.30.1 CVE: CVE-2022-4743 CVE STATUS: Patched CVE SUMMARY: A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4743