PT-2021-7990 · Sdl+5

Published: 2021-11-30 · Updated: 2025-07-03 · CVE-2021-33657

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: SDL (Simple DirectMedia Layer) versions 2.x through 2.0.18

Description: The issue is related to a heap overflow problem in the src/video/SDL_pixels.c component of the Simple DirectMedia Layer library. This can be exploited by a remote attacker using a malicious .BMP file, potentially allowing them to access confidential data, compromise data integrity, and cause a denial of service or achieve code execution.

Recommendations: For SDL (Simple DirectMedia Layer) versions 2.x through 2.0.18, update to a version later than 2.0.18 to resolve the issue. As a temporary workaround, consider restricting the use of .BMP files with the library until a patch is available.

Fix

DoS

Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2022-1019
ALT-PU-2024-12812
ALT-PU-2024-17781
ALT-PU-2024-8940
BDU:2024-01494
CVE-2021-33657
DLA-3314-1
MGASA-2022-0326
MGASA-2022-0332
OESA-2022-1592
OPENSUSE-SU-2022_1218-1
OPENSUSE-SU-2022_1273-1
OPENSUSE-SU-2024:11984-1
OPENSUSE-SU-2024:13582-1
OPENSUSE-SU-2025:15205-1
OPENSUSE-SU-2025:15206-1
SUSE-SU-2022:1218-1
SUSE-SU-2022:1273-1
SUSE-SU-2022:1312-1
SUSE-SU-2022:1313-1
SUSE-SU-2022:14943-1
SUSE-SU-2022_1218-1
SUSE-SU-2022_1313-1
SUSE-SU-2022_14943-1
USN-5398-1

Affected Products

Alt Linux
Astra Linux
Debian
Sdl
Suse
Ubuntu