PT-2021-3615 · Sdl+5

Carlos Andres Ramirez Catano · Published 2020-12-23 · Updated 2025-07-03 · CVE-2020-14410

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Name of the Vulnerable Software and Affected Versions

SDL (Simple DirectMedia Layer) versions 2.0.12 and earlier

Description

The issue is a heap-based buffer over-read in the Blit_3or4_to_3or4__inverse_rgb function in video/SDL_blit_N.c, which can be triggered via a crafted .BMP file. This could allow a remote attacker to access confidential data and cause a denial of service.

Recommendations

For SDL (Simple DirectMedia Layer) versions 2.0.12 and earlier, consider updating to a version later than 2.0.12 to resolve the issue. As a temporary workaround, consider restricting the use of the Blit_3or4_to_3or4__inverse_rgb function in video/SDL_blit_N.c until a patch is available. Avoid using crafted .BMP files to minimize the risk of exploitation.

Fix

Out of bounds Read


Weakness Enumeration

Related Identifiers

ALT-PU-2020-3552
ALT-PU-2021-1595
ALT-PU-2024-12812
BDU:2021-03749
CVE-2020-14410
DLA-2536-1
DLA-3314-1
MGASA-2021-0201
OESA-2022-1645
OPENSUSE-SU-2022:0104-1
OPENSUSE-SU-2022_0104-1
OPENSUSE-SU-2022_0104-2
OPENSUSE-SU-2022_1273-1
OPENSUSE-SU-2024:13582-1
OPENSUSE-SU-2025:15206-1
SUSE-SU-2022:0104-1
SUSE-SU-2022:0104-2
SUSE-SU-2022:0825-1
SUSE-SU-2022:1273-1
SUSE-SU-2022:1312-1
SUSE-SU-2022:14943-1
SUSE-SU-2022_14943-1
USN-5274-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Sdl
Suse
Ubuntu