CVE-2020-14410

  • Last update: Apr 13, 2023

Description

SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.

Software From Fixed in
debian / debian_linux 9.0 9.0.x
fedoraproject / fedora 33 33.x
libsdl / simple_directmedia_layer 2.0.12 2.0.20.x

Details

    • Severity: Medium
  • CVE: CVE-2020-14410
  • Published: Jan 19, 2021
  • Updated: Apr 13, 2023
  • Exploit:

CVSS v3

  • Severity: Medium
  • Score: 5.4
  • AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

CVSS v2

  • Severity: Medium
  • Score: 5.8
  • AV:N/AC:M/Au:N/C:P/I:N/A:P

CWEs