Vulnerability Details CVE-2021-33657
A heap overflow exists in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) versions 2.x to 2.0.18. By crafting a malicious .BMP file, an attacker can cause an application that uses this library to crash, leading to denial of service or code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.5%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
Products affected by CVE-2021-33657
- cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.0
- cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.1
- cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.10
- cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.12
- cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.14
- cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.16
- cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.18
- cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.2
- cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.3
- cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.4
- cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.5
- cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.6
- cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.7
- cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.8
- cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.9