VYPR
Vendor: Sdl

Products: 5
CVEs: 30 (across products: 30)
Status: Private

Recent CVEs (30)

  • CVE-2017-14448 | High | Apr 24, 2018
    risk 0.57 | cvss 8.8 | epss 0.02

    An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

  • CVE-2017-14442 | High | Apr 24, 2018
    risk 0.57 | cvss 8.8 | epss 0.02

    An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

  • CVE-2017-14441 | High | Apr 24, 2018
    risk 0.57 | cvss 8.8 | epss 0.03

    An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted…

  • CVE-2017-14440 | High | Apr 24, 2018
    risk 0.57 | cvss 8.8 | epss 0.02

    An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this…

  • CVE-2017-12122 | High | Apr 24, 2018
    risk 0.57 | cvss 8.8 | epss 0.02

    An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

  • CVE-2017-2888 | High | Oct 11, 2017
    risk 0.57 | cvss 8.8 | epss 0.03

    An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker…

  • CVE-2017-2887 | High | Oct 11, 2017
    risk 0.57 | cvss 8.8 | epss 0.03

    An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to…

  • CVE-2017-14449 | High | Apr 24, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    A double-free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a double-free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability.

  • CVE-2017-14450 | High | Apr 24, 2018
    risk 0.46 | cvss 7.1 | epss 0.02

    A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability.

  • CVE-2018-3838 | Medium | Apr 10, 2018
    risk 0.42 | cvss 6.5 | epss 0.02

    An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a…

  • CVE-2026-35444 | High | Apr 6, 2026
    risk 0.39 | cvss 7.1 | epss 0.00

    SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in src/IMG_xcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size (cm_num). A crafted .xcf file…

  • CVE-2007-6697 | Feb 1, 2008
    risk 0.04 | cvss (not listed) | epss 0.11

    Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details…

  • CVE-2018-19371 | Jan 2, 2019
    risk 0.03 | cvss (not listed) | epss 0.06

    The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE Vulnerability that allows reading sensitive files from the system.

  • CVE-2008-0544 | Feb 1, 2008
    risk 0.01 | cvss (not listed) | epss 0.08

    Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted IFF ILBM file. NOTE: some of these details are obtained…

  • CVE-2022-27470 | May 4, 2022
    risk 0.00 | cvss (not listed) | epss 0.01

    SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file.

  • CVE-2021-33657 | Apr 1, 2022
    risk 0.00 | cvss (not listed) | epss 0.02

    There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or code execution.

  • CVE-2019-19721 | May 15, 2020
    risk 0.00 | cvss (not listed) | epss 0.02

    An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product.

  • CVE-2019-5060 | Jul 31, 2019
    risk 0.00 | cvss (not listed) | epss 0.04

    An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds,…

  • CVE-2019-5058 | Jul 31, 2019
    risk 0.00 | cvss (not listed) | epss 0.04

    An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

  • CVE-2019-5052 | Jul 3, 2019
    risk 0.00 | cvss (not listed) | epss 0.05

    An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker…