CVE-2020-14410
First published: Tue Jan 19 2021(Updated: )
SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Libsdl Simple Directmedia Layer | <=2.0.12 | |
| Debian Debian Linux | =9.0 | |
| Fedoraproject Fedora | =33 | |
| Libsdl Simple Directmedia Layer | >=2.0.12<=2.0.20 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.libsdl.org/show_bug.cgi?id=5200
- https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9
- https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html
- https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FS32YCEJLQ2FYUWSWYI2ZMQWQEAWJNR/
- https://security.gentoo.org/glsa/202107-55
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FS32YCEJLQ2FYUWSWYI2ZMQWQEAWJNR/
Frequently Asked Questions
What is the vulnerability ID of this SDL (Simple DirectMedia Layer) vulnerability?
The vulnerability ID of this SDL vulnerability is CVE-2020-14410.
What is the severity rating of CVE-2020-14410?
CVE-2020-14410 has a severity rating of medium with a score of 5.4.
Which software versions are affected by this vulnerability?
Versions up to and including 2.0.12 of Libsdl Simple Directmedia Layer, Debian Linux 9.0, and Fedora 33 are affected by this vulnerability.
How can the vulnerability be exploited?
The vulnerability can be exploited by using a crafted .BMP file.
Is there a fix available for CVE-2020-14410?
Yes, there have been fixes released. Please refer to the provided references for more information.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/severity
- agent/author
- agent/remedy
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/libsdl
- canonical/libsdl simple directmedia layer
- version/libsdl simple directmedia layer/2.0.12
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/33
- version/libsdl simple directmedia layer/2.0.20