CVE-2020-14409
- Source
- https://cve.org/CVERecord?id=CVE-2020-14409
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-14409.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-14409
- Downstream
- Related
- Published
- 2021-01-19T20:15:12.207Z
- Modified
- 2026-03-19T12:39:56.331832Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDLmemcpy heap corruption) in SDLBlitCopy in video/SDLblitcopy.c via a crafted .BMP file.
- References
-
- https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html
- https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FS32YCEJLQ2FYUWSWYI2ZMQWQEAWJNR/
- https://security.gentoo.org/glsa/202107-55
- https://www.starwindsoftware.com/security/sw-20210325-0001/
- https://bugzilla.libsdl.org/show_bug.cgi?id=5200
- https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9
Affected packages
Git / github.com/libsdl-org/sdl
Affected versions
release-2.*
release-2.0.12
release-2.0.14
release-2.0.16
release-2.0.18
release-2.0.20
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-14409.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "33"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "v8-build12533"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "v8-build12658"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "v8-build12859"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "v8-build13170"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "v8-build13586"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "v8-build13861"
}
]
}
]