AVG-1480

Package sdl2
Status Fixed
Severity Medium
Type multiple issues
Affected 2.0.12-3
Fixed 2.0.14-1
Current 2.30.2-1 [extra]
Ticket None
Created Tue Jan 19 20:52:03 2021
Issue CVE-2020-14410
Severity Low
Remote No
Type Denial of service
Description SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.

Issue CVE-2020-14409
Severity Medium
Remote No
Type Arbitrary code execution
Description SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c...