Avital Ostromich

**Name of the Vulnerable Software and Affected Versions** SDL versions 1.2.15 and earlier SDL versions 2.x through 2.0.9 **Description** The issue is related to a heap-based buffer over-read in the Map1toN function of the SDL library, specifically in the video/SDL pixels.c file. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For SDL versions 1.2.15 and earlier, update to a version later than 1.2.15. For SDL versions 2.x through 2.0.9, update to a version later than 2.0.9. As a temporary workaround, consider disabling the `Map1toN` function in the video/SDL pixels.c file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SDL (Simple DirectMedia Layer) versions 1.2.15 and earlier SDL (Simple DirectMedia Layer) versions 2.x through 2.0.9 **Description** The issue is related to a heap-based buffer over-read in the `Blit1to4` function located in `video/SDL blit 1.c` of the Simple DirectMedia Layer library. This could potentially allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For SDL (Simple DirectMedia Layer) versions 1.2.15 and earlier, update to a version later than 1.2.15. For SDL (Simple DirectMedia Layer) versions 2.x through 2.0.9, update to a version later than 2.0.9. As a temporary workaround, consider disabling the `Blit1to4` function in `video/SDL blit 1.c` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SDL (Simple DirectMedia Layer) versions 1.2.0 through 1.2.15 SDL (Simple DirectMedia Layer) versions 2.0.0 through 2.0.9 **Description** The issue is related to a heap-based buffer over-read in the `SDL GetRGB` function, located in video/SDL pixels.c. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For versions 1.2.0 through 1.2.15, consider updating to a version that fixes the heap-based buffer over-read issue in the `SDL GetRGB` function. For versions 2.0.0 through 2.0.9, consider updating to a version that fixes the heap-based buffer over-read issue in the `SDL GetRGB` function. As a temporary workaround, consider disabling the `SDL GetRGB` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SDL (Simple DirectMedia Layer) versions 1.2.15 and earlier SDL (Simple DirectMedia Layer) versions 2.0.9 and earlier **Description** The issue is related to a heap-based buffer overflow in the `SDL FillRect` function, located in video/SDL surface.c. This can potentially allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For SDL (Simple DirectMedia Layer) versions 1.2.15 and earlier, update to a version later than 1.2.15 to resolve the issue. For SDL (Simple DirectMedia Layer) versions 2.0.9 and earlier, update to a version later than 2.0.9 to resolve the issue. As a temporary workaround, consider disabling the `SDL FillRect` function until a patch is available.