Simple DirectMedia Layer · SDL · CVE-2019-13616
**Name of the Vulnerable Software and Affected Versions**
SDL (Simple DirectMedia Layer) versions 1.2.15 and earlier
SDL (Simple DirectMedia Layer) versions 2.x through 2.0.9
**Description**
The issue is a heap-based buffer over-read in the `BlitNtoN` function in `video/SDL_blit_N.c` when it is called from `SDL_SoftBlit` in `video/SDL_blit.c`. This can allow a remote attacker to access confidential data and cause a denial of service.
**Recommendations**
For SDL (Simple DirectMedia Layer) versions 1.2.15 and earlier, consider updating to a version that fixes the issue.
For SDL (Simple DirectMedia Layer) versions 2.x through 2.0.9, consider updating to a version that fixes the issue.
As a temporary workaround, consider restricting access to the `BlitNtoN` function in `video/SDL_blit_N.c` to minimize the risk of exploitation.
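To decide which recommendation applies to a given build, the version ranges listed above can be checked in code. The following is an added example, not code from SDL or from this advisory; the `chk_*` names are hypothetical, and it assumes the three numbers come from SDL's `SDL_version` fields (filled by `SDL_GetVersion` in SDL 2 or returned by `SDL_Linked_Version` in SDL 1.2) or from a dotted version string.

```c
#include <errno.h>
#include <stdlib.h>

/* Hypothetical result codes for this example. */
enum chk_status { CHK_UNPARSEABLE = -1, CHK_NOT_LISTED = 0, CHK_AFFECTED = 1 };

/* Classify major.minor.patch against the ranges in this advisory:
 * 1.2.15 and earlier, and 2.x through 2.0.9. */
enum chk_status chk_classify(int major, int minor, int patch)
{
    if (major < 0 || minor < 0 || patch < 0)
        return CHK_UNPARSEABLE;
    if (major < 1 || (major == 1 && (minor < 2 || (minor == 2 && patch <= 15))))
        return CHK_AFFECTED;            /* 1.2.15 and earlier */
    if (major == 2 && minor == 0 && patch <= 9)
        return CHK_AFFECTED;            /* 2.0.0 through 2.0.9 */
    return CHK_NOT_LISTED;              /* outside the ranges the advisory names */
}

/* Read one non-negative decimal component and advance *p past it. */
static int chk_component(const char **p, int *out)
{
    char *end;
    long v;
    if (**p < '0' || **p > '9')
        return 0;                       /* rejects signs, spaces, empty fields */
    errno = 0;
    v = strtol(*p, &end, 10);
    if (errno != 0 || v > 65535)
        return 0;                       /* implausibly large field: malformed */
    *out = (int)v;
    *p = end;
    return 1;
}

/* Classify a dotted version string such as "2.0.9". Text after the third
 * component (a newline, a packaging suffix) is ignored. */
enum chk_status chk_classify_string(const char *s)
{
    int v[3], i;
    if (s == NULL)
        return CHK_UNPARSEABLE;
    for (i = 0; i < 3; i++) {
        if (i > 0 && *s++ != '.')
            return CHK_UNPARSEABLE;     /* fewer than three components */
        if (!chk_component(&s, &v[i]))
            return CHK_UNPARSEABLE;
    }
    return chk_classify(v[0], v[1], v[2]);
}
```

`CHK_NOT_LISTED` only means the version is outside the ranges named here. A packaged build can also carry a backported fix under an unchanged version number, so a `CHK_AFFECTED` result is a prompt to check the package changelog rather than a final verdict.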