CVE-2021-33657

CVE-2021-33657

Name

CVE-2021-33657

Description

There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9

Type

URI

MISC

https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:libsdl:simple_directmedia_layer::::::::`	simple_directmedia_layer	>= 2.0.0	<= 2.0.18

CPE URI

Source package

Min version

Max version

cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*

simple_directmedia_layer

>= 2.0.0

<= 2.0.18

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
sdl2	edge-community	2.0.18-r0	August Klein <amatcoder@gmail.com>	fixed
sdl2	3.22-community	2.0.18-r0	None	fixed
sdl2	3.21-community	2.0.18-r0	None	fixed
sdl2	3.20-community	2.0.18-r0	None	fixed
sdl2	3.19-community	2.0.18-r0	None	fixed
sdl2	3.18-community	2.0.18-r0	None	fixed
sdl2	3.17-community	2.0.18-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

sdl2

edge-community

2.0.18-r0

August Klein <amatcoder@gmail.com>

fixed

sdl2

3.22-community