CVE-2021-33657

EUVD-2021-20334
There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
Affected Products (NVD)
VendorProductVersion
libsdlsimple_directmedia_layer
2.0.0 ≤
𝑥
≤ 2.0.18
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libsdl1.2
bookworm
1.2.15+dfsg2-8
fixed
bullseye
no-dsa
buster
no-dsa
stretch
no-dsa
libsdl2
bookworm
2.26.5+dfsg-1
fixed
bullseye
2.0.14+dfsg2-3+deb11u1
no-dsa
buster
no-dsa
sid
2.30.9+dfsg-1
fixed
stretch
no-dsa
trixie
2.30.8+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libsdl1.2
bionic
Fixed 1.2.15+dfsg2-0.1ubuntu0.2
released
focal
needed
impish
ignored
jammy
needed
kinetic
ignored
lunar
ignored
mantic
dne
noble
dne
trusty
Fixed 1.2.15-8ubuntu1.1+esm2
released
xenial
Fixed 1.2.15+dfsg1-3ubuntu0.1+esm1
released
libsdl2
bionic
needed
focal
needed
impish
Fixed 2.0.14+dfsg2-3ubuntu0.1
released
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
needed
xenial
needed
Common Weakness Enumeration
References
https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9
https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html
https://security.gentoo.org/glsa/202305-17
https://security.gentoo.org/glsa/202305-18
https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9
https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html
https://security.gentoo.org/glsa/202305-17
https://security.gentoo.org/glsa/202305-18