CVE-2020-14409

Опубликовано: 19 янв. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file.

Ссылки

https://bugzilla.libsdl.org/show_bug.cgi?id=5200
Issue Tracking
Vendor Advisory
https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FS32YCEJLQ2FYUWSWYI2ZMQWQEAWJNR/
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/202107-55
Third Party Advisory
https://www.starwindsoftware.com/security/sw-20210325-0001/
Third Party Advisory
https://bugzilla.libsdl.org/show_bug.cgi?id=5200
Issue Tracking
Vendor Advisory
https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FS32YCEJLQ2FYUWSWYI2ZMQWQEAWJNR/
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/202107-55
Third Party Advisory
https://www.starwindsoftware.com/security/sw-20210325-0001/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*

Версия от 2.0.12 (включая) до 2.0.20 (включая)

Конфигурация 2

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12533:*:*:*:vsphere:*:*

cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12658:*:*:*:vsphere:*:*

cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12859:*:*:*:vsphere:*:*

cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build13170:*:*:*:vsphere:*:*

cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build13586:*:*:*:vsphere:*:*

cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build13861:*:*:*:vsphere:*:*

EPSS

Процентиль: 42%

0.002

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

CVE-2020-14409

CVSS3: 7.8

ubuntu

около 5 лет назад

SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file.

CVE-2020-14409

CVSS3: 7.8

redhat

около 5 лет назад

SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file.

CVE-2020-14409

CVSS3: 7.8

debian

около 5 лет назад

SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow ...

GHSA-3656-jvhv-q239

CVSS3: 7.8

github

больше 3 лет назад

SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file.

BDU:2021-03729

CVSS3: 8.8

fstec

около 5 лет назад

Уязвимость компонента video/SDL_blit_copy.c мультимедийной библиотеки Simple DirectMedia Layer, связанная с целочисленным переполнением, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

EPSS

Процентиль: 42%

0.002

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-190