SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file.

The remote Ubuntu 18.04 ESM / 20.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5274-1 advisory.

    It was discovered that Simple DirectMedia Layer library incorrectly handled memory when parsing certain     specially crafted .BMP files. An attacker could possibly use these issues to crash the application or     execute arbitrary code.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3314 advisory.

  - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in     BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. (CVE-2019-13616)

  - SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in     Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.
    (CVE-2019-13626)

  - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in     IMA_ADPCM_nibble in audio/SDL_wave.c. (CVE-2019-7572)

  - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in     InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop). (CVE-2019-7573)

  - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in     IMA_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7574)

  - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in     MS_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7575)

  - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in     InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop). (CVE-2019-7576)

  - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in     SDL_LoadWAV_RW in audio/SDL_wave.c. (CVE-2019-7577)

  - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in     InitIMA_ADPCM in audio/SDL_wave.c. (CVE-2019-7578)

  - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in     Blit1to4 in video/SDL_blit_1.c. (CVE-2019-7635)

  - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in     SDL_GetRGB in video/SDL_pixels.c. (CVE-2019-7636)

  - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in     Map1toN in video/SDL_pixels.c. (CVE-2019-7638)

  - SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap     corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. (CVE-2020-14409)

  - SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in     Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. (CVE-2020-14410)

  - There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18     versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to     crash, denial of service or Code execution. (CVE-2021-33657)

  - A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in     SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The     vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected. (CVE-2022-4743)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1312-1 advisory.

  - SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap     corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. (CVE-2020-14409)

  - SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in     Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. (CVE-2020-14410)

  - There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18     versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to     crash, denial of service or Code execution. (CVE-2021-33657)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:14943-1 advisory.

  - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in     SDL_FillRect in video/SDL_surface.c. (CVE-2019-7637)

  - SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap     corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. (CVE-2020-14409)

  - SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in     Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. (CVE-2020-14410)

  - There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18     versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to     crash, denial of service or Code execution. (CVE-2021-33657)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1273-1 advisory.

  - SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap     corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. (CVE-2020-14409)

  - SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in     Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. (CVE-2020-14410)

  - There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18     versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to     crash, denial of service or Code execution. (CVE-2021-33657)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0825-1 advisory.

  - SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap     corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. (CVE-2020-14409)

  - SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in     Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. (CVE-2020-14410)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0104-2 advisory.

  - SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap     corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. (CVE-2020-14409)

  - SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in     Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. (CVE-2020-14410)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202107-55 (SDL 2: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in SDL 2. Please review       the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0104-1 advisory.

  - SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap     corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. (CVE-2020-14409)

  - SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in     Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. (CVE-2020-14410)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0104-1 advisory.

  - SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap     corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. (CVE-2020-14409)

  - SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in     Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. (CVE-2020-14410)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-9d65b22041 advisory.

  - SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap     corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. (CVE-2020-14409)

  - SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in     Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. (CVE-2020-14410)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Several issues have been found in libsdl2, a library for portable low level access to a video framebuffer, audio output, mouse, and keyboard. All issues are related to either buffer overflow, integer overflow or heap-based buffer over-read, resulting in a DoS or remote code execution by using crafted files of different formats.

For Debian 9 stretch, these problems have been fixed in version 2.0.5+dfsg1-2+deb9u1.

We recommend that you upgrade your libsdl2 packages.

For the detailed security status of libsdl2 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/libsdl2

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
183138	Ubuntu 18.04 ESM / 20.04 ESM : Simple DirectMedia Layer vulnerabilities (USN-5274-1)	Nessus	Ubuntu Local Security Checks	high
171377	Debian DLA-3314-1 : libsdl2 - LTS security update	Nessus	Debian Local Security Checks	high
160100	SUSE SLES12 Security Update : SDL (SUSE-SU-2022:1312-1)	Nessus	SuSE Local Security Checks	high
160097	SUSE SLES11 Security Update : SDL (SUSE-SU-2022:14943-1)	Nessus	SuSE Local Security Checks	high
160064	SUSE SLED15 / SLES15 Security Update : SDL (SUSE-SU-2022:1273-1)	Nessus	SuSE Local Security Checks	high
158917	SUSE SLES15 Security Update : SDL2 (SUSE-SU-2022:0825-1)	Nessus	SuSE Local Security Checks	high
158064	SUSE SLES15 Security Update : SDL2 (SUSE-SU-2022:0104-2)	Nessus	SuSE Local Security Checks	high
157013	GLSA-202107-55 : SDL 2: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
156850	openSUSE 15 Security Update : SDL2 (openSUSE-SU-2022:0104-1)	Nessus	SuSE Local Security Checks	high
156814	SUSE SLED15 / SLES15 Security Update : SDL2 (SUSE-SU-2022:0104-1)	Nessus	SuSE Local Security Checks	high
146295	Fedora 33 : mingw-SDL2 (2021-9d65b22041)	Nessus	Fedora Local Security Checks	high
145772	Debian DLA-2536-1 : libsdl2 security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2020-14409

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high