AVG-1480 log

Package	sdl2
Status	Fixed
Severity	Medium
Type	multiple issues
Affected	2.0.12-3
Fixed	2.0.14-1
Current	2.30.10-1 [extra]
Ticket	None
Created	Tue Jan 19 20:52:03 2021

Issue	Severity	Remote	Type	Description
CVE-2020-14410	Low	No	Denial of service	SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.
CVE-2020-14409	Medium	No	Arbitrary code execution	SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c...

Issue

Severity

Remote

Type

Description

CVE-2020-14410

Low

Denial of service

SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.

CVE-2020-14409

Medium

Arbitrary code execution

SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c...