VYPR

Vendor CVEs

Sdl

All CVEs

30 total · sorted by risk
  • CVE-2017-14448HigApr 24, 2018
    risk 0.57cvss 8.8epss 0.02

    An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

  • CVE-2017-14442HigApr 24, 2018
    risk 0.57cvss 8.8epss 0.02

    An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

  • CVE-2017-14441HigApr 24, 2018
    risk 0.57cvss 8.8epss 0.03

    An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted…

  • CVE-2017-14440HigApr 24, 2018
    risk 0.57cvss 8.8epss 0.02

    An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this…

  • CVE-2017-12122HigApr 24, 2018
    risk 0.57cvss 8.8epss 0.02

    An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

  • CVE-2017-2888HigOct 11, 2017
    risk 0.57cvss 8.8epss 0.03

    An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker…

  • CVE-2017-2887HigOct 11, 2017
    risk 0.57cvss 8.8epss 0.03

    An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to…

  • CVE-2017-14449HigApr 24, 2018
    risk 0.49cvss 7.5epss 0.02

    A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability.

  • CVE-2017-14450HigApr 24, 2018
    risk 0.46cvss 7.1epss 0.02

    A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability.

  • CVE-2018-3838MedApr 10, 2018
    risk 0.42cvss 6.5epss 0.02

    An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a…

  • CVE-2026-35444HigApr 6, 2026
    risk 0.39cvss 7.1epss 0.00

    SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in src/IMG_xcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size (cm_num). A crafted .xcf file…

  • CVE-2007-6697Feb 1, 2008
    risk 0.04cvss epss 0.11

    Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details…

  • CVE-2018-19371Jan 2, 2019
    risk 0.03cvss epss 0.06

    The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE Vulnerability that allows reading sensitive files from the system.

  • CVE-2008-0544Feb 1, 2008
    risk 0.01cvss epss 0.08

    Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted IFF ILBM file. NOTE: some of these details are obtained…

  • CVE-2022-27470May 4, 2022
    risk 0.00cvss epss 0.01

    SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file.

  • CVE-2021-33657Apr 1, 2022
    risk 0.00cvss epss 0.02

    There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution.

  • CVE-2019-19721May 15, 2020
    risk 0.00cvss epss 0.02

    An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product.

  • CVE-2019-5060Jul 31, 2019
    risk 0.00cvss epss 0.04

    An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds,…

  • CVE-2019-5058Jul 31, 2019
    risk 0.00cvss epss 0.04

    An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

  • CVE-2019-5052Jul 3, 2019
    risk 0.00cvss epss 0.05

    An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker…

  • CVE-2019-12221May 20, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c.

  • CVE-2019-12219May 20, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an invalid free error in the SDL function SDL_SetError_REAL at SDL_error.c.

  • CVE-2019-12218May 20, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.

  • CVE-2019-12217May 20, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL stdio_read function in file/SDL_rwops.c.

  • CVE-2019-7638Feb 8, 2019
    risk 0.00cvss epss 0.03

    SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.

  • CVE-2019-7572Feb 7, 2019
    risk 0.00cvss epss 0.03

    SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.

  • CVE-2019-7577Feb 7, 2019
    risk 0.00cvss epss 0.03

    SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.

  • CVE-2019-7578Feb 7, 2019
    risk 0.00cvss epss 0.03

    SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.

  • CVE-2018-3977Nov 1, 2018
    risk 0.00cvss epss 0.03

    An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

  • CVE-2005-0099Mar 8, 2005
    risk 0.00cvss epss 0.00

    The SDL port of abuse (abuse-SDL) before 2.00 does not properly drop privileges before creating certain files, which allows local users to create or overwrite arbitrary files.