SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDLmemcpy heap corruption) in SDLBlitCopy in video/SDLblitcopy.c via a crafted .BMP file.
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_name": "libsdl2-2.0-0", "binary_version": "2.0.8+dfsg1-1ubuntu1.18.04.4+esm1" }, { "binary_name": "libsdl2-2.0-0-dbgsym", "binary_version": "2.0.8+dfsg1-1ubuntu1.18.04.4+esm1" }, { "binary_name": "libsdl2-dev", "binary_version": "2.0.8+dfsg1-1ubuntu1.18.04.4+esm1" }, { "binary_name": "libsdl2-doc", "binary_version": "2.0.8+dfsg1-1ubuntu1.18.04.4+esm1" } ] }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_name": "libsdl2-2.0-0", "binary_version": "2.0.10+dfsg1-3ubuntu0.1~esm1" }, { "binary_name": "libsdl2-2.0-0-dbgsym", "binary_version": "2.0.10+dfsg1-3ubuntu0.1~esm1" }, { "binary_name": "libsdl2-dev", "binary_version": "2.0.10+dfsg1-3ubuntu0.1~esm1" }, { "binary_name": "libsdl2-doc", "binary_version": "2.0.10+dfsg1-3ubuntu0.1~esm1" } ] }