CVE-2021-33657

There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
openEulerCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
VendorProductVersion
libsdlsimple_directmedia_layer
2.0.0 ≤
𝑥
≤ 2.0.18
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libsdl1.2
bullseye
no-dsa
buster
no-dsa
stretch
no-dsa
bookworm
1.2.15+dfsg2-8
fixed
libsdl2
bullseye
2.0.14+dfsg2-3+deb11u1
no-dsa
buster
no-dsa
stretch
no-dsa
bookworm
2.26.5+dfsg-1
fixed
trixie
2.30.8+dfsg-1
fixed
sid
2.30.9+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libsdl1.2
noble
dne
mantic
dne
lunar
ignored
kinetic
ignored
jammy
needed
impish
ignored
focal
needed
bionic
Fixed 1.2.15+dfsg2-0.1ubuntu0.2
released
xenial
Fixed 1.2.15+dfsg1-3ubuntu0.1+esm1
released
trusty
Fixed 1.2.15-8ubuntu1.1+esm2
released
libsdl2
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
impish
Fixed 2.0.14+dfsg2-3ubuntu0.1
released
focal
needed
bionic
needed
xenial
needed
trusty
needed
Common Weakness Enumeration
References
https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9
https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html
https://security.gentoo.org/glsa/202305-17
https://security.gentoo.org/glsa/202305-18
https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9
https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html
https://security.gentoo.org/glsa/202305-17
https://security.gentoo.org/glsa/202305-18