PT-2021-3608 · Sdl+5 · Sdl+5

Slouken

Published

2020-12-23

Updated

2025-07-03

CVE-2020-14409

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SDL (Simple DirectMedia Layer) versions 2.0.12 and earlier

Description The issue is related to an integer overflow in the SDL BlitCopy function in the video/SDL blit copy.c component of the Simple DirectMedia Layer library. This can lead to SDL memcpy heap corruption when processing a crafted .BMP file. Exploitation of this issue may allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations For SDL (Simple DirectMedia Layer) versions 2.0.12 and earlier, consider updating to a version later than 2.0.12 to resolve the issue. As a temporary workaround, consider restricting the use of the SDL BlitCopy function in the video/SDL blit copy.c component until a patch is available. Avoid using crafted .BMP files to minimize the risk of exploitation.

Fix

Integer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190CWE-787

Related Identifiers

ALT-PU-2020-3552

ALT-PU-2021-1595

ALT-PU-2024-12812

BDU:2021-03729

CVE-2020-14409

DLA-2536-1

DLA-3314-1

MGASA-2021-0201

OESA-2022-1645

OPENSUSE-SU-2022:0104-1

OPENSUSE-SU-2022_0104-1

OPENSUSE-SU-2022_0104-2

OPENSUSE-SU-2022_1273-1

OPENSUSE-SU-2024:13582-1

OPENSUSE-SU-2025:15206-1

SUSE-SU-2022:0104-1

SUSE-SU-2022:0104-2

SUSE-SU-2022:0825-1

SUSE-SU-2022:1273-1

SUSE-SU-2022:1312-1

SUSE-SU-2022:14943-1

SUSE-SU-2022_0104-1

SUSE-SU-2022_0825-1

SUSE-SU-2022_1273-1

SUSE-SU-2022_1312-1

SUSE-SU-2022_14943-1

USN-5274-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Sdl

Suse

Ubuntu

PT-2021-3608 · Sdl+5 · Sdl+5

CVE-2020-14409

Weakness Enumeration

Related Identifiers

Affected Products

References · 80