CVE-2020-14410

Name

CVE-2020-14410

Description

SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
Issue Tracking	https://bugzilla.libsdl.org/show_bug.cgi?id=5200
Patch	https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9
Mailing List	https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html
Third Party Advisory	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FS32YCEJLQ2FYUWSWYI2ZMQWQEAWJNR/
GENTOO	https://security.gentoo.org/glsa/202107-55
Mailing List	https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FS32YCEJLQ2FYUWSWYI2ZMQWQEAWJNR/

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:libsdl:simple_directmedia_layer::::::::`	simple_directmedia_layer	>= None	<= 2.0.12
`cpe:2.3:a:libsdl:simple_directmedia_layer::::::::`	simple_directmedia_layer	>= 2.0.12	<= 2.0.20

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status