CVE-2021-33657

There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
Affected Products (NVD)
VendorProductVersion
libsdlsimple_directmedia_layer
2.0.0 ≤
𝑥
≤ 2.0.18
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libsdl1.2
bookworm
1.2.15+dfsg2-8
fixed
bullseye
no-dsa
buster
no-dsa
stretch
no-dsa
libsdl2
bookworm
2.26.5+dfsg-1
fixed
bullseye
2.0.14+dfsg2-3+deb11u1
no-dsa
buster
no-dsa
sid
2.30.9+dfsg-1
fixed
stretch
no-dsa
trixie
2.30.8+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libsdl1.2
bionic
Fixed 1.2.15+dfsg2-0.1ubuntu0.2
released
focal
needed
impish
ignored
jammy
needed
kinetic
ignored
lunar
ignored
mantic
dne
noble
dne
trusty
Fixed 1.2.15-8ubuntu1.1+esm2
released
xenial
Fixed 1.2.15+dfsg1-3ubuntu0.1+esm1
released
libsdl2
bionic
needed
focal
needed
impish
Fixed 2.0.14+dfsg2-3ubuntu0.1
released
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
needed
xenial
needed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
SDL2-devel
suse enterprise desktop 15 SP6
2.28.5-150600.1.4
fixed
suse enterprise desktop 15 SP7
2.28.5-150600.1.4
fixed
suse enterprise sap 15 SP6
2.28.5-150600.1.4
fixed
suse enterprise sap 15 SP7
2.28.5-150600.1.4
fixed
suse enterprise server 15 SP6
2.28.5-150600.1.4
fixed
suse enterprise server 15 SP7
2.28.5-150600.1.4
fixed
libSDL-1_2-0
suse enterprise desktop 15 SP3
1.2.15-150000.3.19.1
fixed
suse enterprise desktop 15 SP4
1.2.15-150000.3.19.1
fixed
suse enterprise desktop 15 SP5
1.2.15-150000.3.19.1
fixed
suse enterprise desktop 15 SP6
1.2.15-150000.3.19.1
fixed
suse enterprise desktop 15 SP7
1.2.15-150000.3.19.1
fixed
suse enterprise sap 12 SP3
1.2.15-15.17.1
fixed
suse enterprise sap 12 SP4
1.2.15-15.17.1
fixed
suse enterprise sap 12 SP5
1.2.15-15.17.1
fixed
suse enterprise sap 15
1.2.15-150000.3.19.1
fixed
suse enterprise sap 15 SP1
1.2.15-150000.3.19.1
fixed
suse enterprise sap 15 SP3
1.2.15-150000.3.19.1
fixed
suse enterprise sap 15 SP4
1.2.15-150000.3.19.1
fixed
suse enterprise sap 15 SP5
1.2.15-150000.3.19.1
fixed
suse enterprise sap 15 SP6
1.2.15-150000.3.19.1
fixed
suse enterprise sap 15 SP7
1.2.15-150000.3.19.1
fixed
suse enterprise server 12 SP2
1.2.15-15.17.1
fixed
suse enterprise server 12 SP3
1.2.15-15.17.1
fixed
suse enterprise server 12 SP4
1.2.15-15.17.1
fixed
suse enterprise server 12 SP5
1.2.15-15.17.1
fixed
suse enterprise server 15
1.2.15-150000.3.19.1
fixed
suse enterprise server 15 SP1
1.2.15-150000.3.19.1
fixed
suse enterprise server 15 SP2
1.2.15-150000.3.19.1
fixed
suse enterprise server 15 SP3
1.2.15-150000.3.19.1
fixed
suse enterprise server 15 SP4
1.2.15-150000.3.19.1
fixed
suse enterprise server 15 SP5
1.2.15-150000.3.19.1
fixed
suse enterprise server 15 SP6
1.2.15-150000.3.19.1
fixed
suse enterprise server 15 SP7
1.2.15-150000.3.19.1
fixed
libSDL-1_2-0-32bit
suse enterprise sap 12 SP3
1.2.15-15.17.1
fixed
suse enterprise sap 12 SP4
1.2.15-15.17.1
fixed
suse enterprise sap 12 SP5
1.2.15-15.17.1
fixed
suse enterprise server 12 SP2
1.2.15-15.17.1
fixed
suse enterprise server 12 SP3
1.2.15-15.17.1
fixed
suse enterprise server 12 SP4
1.2.15-15.17.1
fixed
suse enterprise server 12 SP5
1.2.15-15.17.1
fixed
libSDL-devel
suse enterprise desktop 15 SP3
1.2.15-150000.3.19.1
fixed
suse enterprise desktop 15 SP4
1.2.15-150000.3.19.1
fixed
suse enterprise desktop 15 SP5
1.2.15-150000.3.19.1
fixed
suse enterprise desktop 15 SP6
1.2.15-150000.3.19.1
fixed
suse enterprise desktop 15 SP7
1.2.15-150000.3.19.1
fixed
suse enterprise sap 15
1.2.15-150000.3.19.1
fixed
suse enterprise sap 15 SP1
1.2.15-150000.3.19.1
fixed
suse enterprise sap 15 SP3
1.2.15-150000.3.19.1
fixed
suse enterprise sap 15 SP4
1.2.15-150000.3.19.1
fixed
suse enterprise sap 15 SP5
1.2.15-150000.3.19.1
fixed
suse enterprise sap 15 SP6
1.2.15-150000.3.19.1
fixed
suse enterprise sap 15 SP7
1.2.15-150000.3.19.1
fixed
suse enterprise server 15
1.2.15-150000.3.19.1
fixed
suse enterprise server 15 SP1
1.2.15-150000.3.19.1
fixed
suse enterprise server 15 SP2
1.2.15-150000.3.19.1
fixed
suse enterprise server 15 SP3
1.2.15-150000.3.19.1
fixed
suse enterprise server 15 SP4
1.2.15-150000.3.19.1
fixed
suse enterprise server 15 SP5
1.2.15-150000.3.19.1
fixed
suse enterprise server 15 SP6
1.2.15-150000.3.19.1
fixed
suse enterprise server 15 SP7
1.2.15-150000.3.19.1
fixed
libSDL2-2_0-0
suse enterprise desktop 15 SP3
2.0.8-150200.11.6.1
fixed
suse enterprise desktop 15 SP4
2.0.8-150200.11.6.1
fixed
suse enterprise desktop 15 SP5
2.0.8-150200.11.6.1
fixed
suse enterprise desktop 15 SP6
2.28.5-150600.1.4
fixed
suse enterprise desktop 15 SP7
2.28.5-150600.1.4
fixed
suse enterprise sap 15
2.0.8-150000.3.21.1
fixed
suse enterprise sap 15 SP1
2.0.8-150000.3.21.1
fixed
suse enterprise sap 15 SP3
2.0.8-150200.11.6.1
fixed
suse enterprise sap 15 SP4
2.0.8-150200.11.6.1
fixed
suse enterprise sap 15 SP5
2.0.8-150200.11.6.1
fixed
suse enterprise sap 15 SP6
2.28.5-150600.1.4
fixed
suse enterprise sap 15 SP7
2.28.5-150600.1.4
fixed
suse enterprise server 15
2.0.8-150000.3.21.1
fixed
suse enterprise server 15 SP1
2.0.8-150000.3.21.1
fixed
suse enterprise server 15 SP2
2.0.8-150200.11.6.1
fixed
suse enterprise server 15 SP3
2.0.8-150200.11.6.1
fixed
suse enterprise server 15 SP4
2.0.8-150200.11.6.1
fixed
suse enterprise server 15 SP5
2.0.8-150200.11.6.1
fixed
suse enterprise server 15 SP6
2.28.5-150600.1.4
fixed
suse enterprise server 15 SP7
2.28.5-150600.1.4
fixed
libSDL2-devel
suse enterprise desktop 15 SP3
2.0.8-150200.11.6.1
fixed
suse enterprise desktop 15 SP4
2.0.8-150200.11.6.1
fixed
suse enterprise desktop 15 SP5
2.0.8-150200.11.6.1
fixed
suse enterprise sap 15
2.0.8-150000.3.21.1
fixed
suse enterprise sap 15 SP1
2.0.8-150000.3.21.1
fixed
suse enterprise sap 15 SP3
2.0.8-150200.11.6.1
fixed
suse enterprise sap 15 SP4
2.0.8-150200.11.6.1
fixed
suse enterprise sap 15 SP5
2.0.8-150200.11.6.1
fixed
suse enterprise server 15
2.0.8-150000.3.21.1
fixed
suse enterprise server 15 SP1
2.0.8-150000.3.21.1
fixed
suse enterprise server 15 SP2
2.0.8-150200.11.6.1
fixed
suse enterprise server 15 SP3
2.0.8-150200.11.6.1
fixed
suse enterprise server 15 SP4
2.0.8-150200.11.6.1
fixed
suse enterprise server 15 SP5
2.0.8-150200.11.6.1
fixed
Common Weakness Enumeration
References
https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9
https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html
https://security.gentoo.org/glsa/202305-17
https://security.gentoo.org/glsa/202305-18
https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9
https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html
https://security.gentoo.org/glsa/202305-17
https://security.gentoo.org/glsa/202305-18