Carlos Andres Ramirez Catano

**Name of the Vulnerable Software and Affected Versions** SDL (Simple DirectMedia Layer) versions 2.0.12 and earlier **Description** The issue is related to a heap-based buffer over-read in the `Blit 3or4 to 3or4 inversed rgb` function in `video/SDL blit N.c`, which can be triggered via a crafted .BMP file. This could allow a remote attacker to access confidential data and cause a denial of service. **Recommendations** For SDL (Simple DirectMedia Layer) versions 2.0.12 and earlier, consider updating to a version later than 2.0.12 to resolve the issue. As a temporary workaround, consider restricting the use of the `Blit 3or4 to 3or4 inversed rgb` function in `video/SDL blit N.c` until a patch is available. Avoid using crafted .BMP files to minimize the risk of exploitation.