CVE-2021-33657
Published: 1 April 2022
There is a heap overflow in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) versions 2.x through 2.0.18. By crafting a malicious .BMP file, an attacker can cause an application that uses this library to crash, resulting in denial of service or code execution.
Priority
CVSS 3 base score: 8.8
Status
Package | Release | Status |
---|---|---|
libsdl1.2 (Launchpad, Ubuntu, Debian) | bionic | Released (1.2.15+dfsg2-0.1ubuntu0.2) |
libsdl1.2 | focal | Needed |
libsdl1.2 | impish | Needed |
libsdl1.2 | jammy | Needed |
libsdl1.2 | trusty | Released (1.2.15-8ubuntu1.1+esm2) |
libsdl1.2 | upstream | Needs triage |
libsdl1.2 | xenial | Released (1.2.15+dfsg1-3ubuntu0.1+esm1) |
libsdl2 (Launchpad, Ubuntu, Debian) | bionic | Needed |
libsdl2 | focal | Needed |
libsdl2 | impish | Released (2.0.14+dfsg2-3ubuntu0.1) |
libsdl2 | jammy | Not vulnerable (2.0.20+dfsg-2) |
libsdl2 | trusty | Needed |
libsdl2 | upstream | Released (2.0.20) |
libsdl2 | xenial | Ignored (out of standard support) |
Notes
Author | Note |
---|---|
rodrigo-zaiden | The POC from the SDL issue link only reproduces in versions 2.0.16 and 2.0.18 because of the following commit: https://github.com/libsdl-org/SDL/commit/fed84650. In older versions of libsdl2 and also libsdl1.2, even though the commit above is not present, I think that there might be a slight chance to trick the lib with a specially crafted input to cause the heap overflow, and patching will not cause any harm. |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33657
- https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9 (release-2.0.20)
- https://ubuntu.com/security/notices/USN-5398-1
- NVD
- Launchpad
- Debian