CVE-2020-14410

Опубликовано: 19 янв. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 5.8

EPSS Низкий

Описание

SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.

Ссылки

https://bugzilla.libsdl.org/show_bug.cgi?id=5200
Issue Tracking
Vendor Advisory
https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FS32YCEJLQ2FYUWSWYI2ZMQWQEAWJNR/
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/202107-55
Third Party Advisory
https://bugzilla.libsdl.org/show_bug.cgi?id=5200
Issue Tracking
Vendor Advisory
https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FS32YCEJLQ2FYUWSWYI2ZMQWQEAWJNR/
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/202107-55
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*

Версия от 2.0.12 (включая) до 2.0.20 (включая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

EPSS

Процентиль: 37%

0.00161

Низкий

5.4 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2020-14410

CVSS3: 5.4

ubuntu

около 5 лет назад

SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.

CVE-2020-14410

CVSS3: 5.4

redhat

около 5 лет назад

SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.

CVE-2020-14410

CVSS3: 5.4

debian

около 5 лет назад

SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer ...

GHSA-vw4m-8vvh-crhf

CVSS3: 5.4

github

больше 3 лет назад

SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.

BDU:2021-03749

CVSS3: 5.4

fstec

около 5 лет назад

Уязвимость функции Blit_3or4_to_3or4__inversed_rgb (video/SDL_blit_N.c) мультимедийной библиотеки Simple DirectMedia Layer, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании

EPSS

Процентиль: 37%

0.00161

Низкий

5.4 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-125