SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file.

The remote Ubuntu 18.04 ESM / 20.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5274-1 advisory.

    It was discovered that Simple DirectMedia Layer library incorrectly handled memory when parsing certain     specially crafted .BMP files. An attacker could possibly use these issues to crash the application or     execute arbitrary code.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3314 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-3314-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                      Markus Koschany     February 09, 2023                             https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : libsdl2     Version        : 2.0.9+dfsg1-1+deb10u1     CVE ID         : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575                      CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635                      CVE-2019-7636 CVE-2019-7638 CVE-2019-13616 CVE-2019-13626                      CVE-2020-14409 CVE-2020-14410 CVE-2021-33657 CVE-2022-4743     Debian Bug     : 924610 1014577

    Several security vulnerabilities have been discovered in SDL2, the Simple     DirectMedia Layer library. These vulnerabilities may allow an attacker to     cause a denial of service or result in the execution of arbitrary code if     malformed images or sound files are processed.

    For Debian 10 buster, these problems have been fixed in version     2.0.9+dfsg1-1+deb10u1.

    We recommend that you upgrade your libsdl2 packages.

    For the detailed security status of libsdl2 please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/libsdl2

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: This is a digitally signed message part

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1312-1 advisory.

  - SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap     corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. (CVE-2020-14409)

  - SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in     Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. (CVE-2020-14410)

  - There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18     versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to     crash, denial of service or Code execution. (CVE-2021-33657)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:14943-1 advisory.

  - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in     SDL_FillRect in video/SDL_surface.c. (CVE-2019-7637)

  - SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap     corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. (CVE-2020-14409)

  - SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in     Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. (CVE-2020-14410)

  - There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18     versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to     crash, denial of service or Code execution. (CVE-2021-33657)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1273-1 advisory.

  - SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap     corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. (CVE-2020-14409)

  - SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in     Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. (CVE-2020-14410)

  - There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18     versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to     crash, denial of service or Code execution. (CVE-2021-33657)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0825-1 advisory.

  - SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap     corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. (CVE-2020-14409)

  - SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in     Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. (CVE-2020-14410)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0104-2 advisory.

  - SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap     corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. (CVE-2020-14409)

  - SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in     Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. (CVE-2020-14410)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202107-55 (SDL 2: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in SDL 2. Please review       the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0104-1 advisory.

  - SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap     corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. (CVE-2020-14409)

  - SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in     Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. (CVE-2020-14410)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0104-1 advisory.

  - SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap     corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. (CVE-2020-14409)

  - SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in     Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. (CVE-2020-14410)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-9d65b22041 advisory.

  - SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap     corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. (CVE-2020-14409)

  - SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in     Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. (CVE-2020-14410)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Several issues have been found in libsdl2, a library for portable low level access to a video framebuffer, audio output, mouse, and keyboard. All issues are related to either buffer overflow, integer overflow or heap-based buffer over-read, resulting in a DoS or remote code execution by using crafted files of different formats.

For Debian 9 stretch, these problems have been fixed in version 2.0.5+dfsg1-2+deb9u1.

We recommend that you upgrade your libsdl2 packages.

For the detailed security status of libsdl2 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/libsdl2

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
183138	Ubuntu 18.04 ESM / 20.04 ESM : Simple DirectMedia Layer vulnerabilities (USN-5274-1)	Nessus	Ubuntu Local Security Checks	high
171377	Debian dla-3314 : libsdl2-2.0-0 - security update	Nessus	Debian Local Security Checks	high
160100	SUSE SLES12 Security Update : SDL (SUSE-SU-2022:1312-1)	Nessus	SuSE Local Security Checks	high
160097	SUSE SLES11 Security Update : SDL (SUSE-SU-2022:14943-1)	Nessus	SuSE Local Security Checks	high
160064	SUSE SLED15 / SLES15 Security Update : SDL (SUSE-SU-2022:1273-1)	Nessus	SuSE Local Security Checks	high
158917	SUSE SLES15 Security Update : SDL2 (SUSE-SU-2022:0825-1)	Nessus	SuSE Local Security Checks	high
158064	SUSE SLES15 Security Update : SDL2 (SUSE-SU-2022:0104-2)	Nessus	SuSE Local Security Checks	high
157013	GLSA-202107-55 : SDL 2: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
156850	openSUSE 15 Security Update : SDL2 (openSUSE-SU-2022:0104-1)	Nessus	SuSE Local Security Checks	high
156814	SUSE SLED15 / SLES15 Security Update : SDL2 (SUSE-SU-2022:0104-1)	Nessus	SuSE Local Security Checks	high
146295	Fedora 33 : mingw-SDL2 (2021-9d65b22041)	Nessus	Fedora Local Security Checks	high
145772	Debian DLA-2536-1 : libsdl2 security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2020-14409

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high