VDB
CVE-2021-33657
CVE-2021-33657
PUBLISHED
There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution.
EPSS 0.26% · 49.2th percentile
Risk Scores
EPSS Score
0.26%
49.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:22.04:LTS | libsdl1.2 | 1.2.15+dfsg2-6, 0 |
| Ubuntu:18.04:LTS | libsdl1.2 | 0, *, 1.2.15+dfsg2-0.1 |
| Ubuntu:Pro:14.04:LTS | libsdl2 | 2.0.2+dfsg1-3ubuntu1, 2.0.2+dfsg1-3ubuntu1.1, 2.0.2+dfsg1-3ubuntu1.2 |
| Ubuntu:20.04:LTS | libsdl1.2 | 0, 1.2.15+dfsg2-5 |
| Ubuntu:Pro:20.04:LTS | libsdl2 | 2.0.10+dfsg1-3ubuntu0.1~esm1, *, 0 |
| Ubuntu:Pro:14.04:LTS | libsdl1.2 | 1.2.15-5ubuntu2, 0, 1.2.15-5ubuntu3 |
| Ubuntu:Pro:18.04:LTS | libsdl2 | 2.0.8+dfsg1-1ubuntu1.18.04.3, *, * |
| Ubuntu:16.04:LTS | libsdl2 | 2.0.4+dfsg1-2ubuntu2.16.04.1, 2.0.2+dfsg1-6ubuntu2, 2.0.4+dfsg1-2 |
| Ubuntu:Pro:16.04:LTS | libsdl1.2 | 1.2.15+dfsg1-3, *, 1.2.15-12ubuntu1 |
Timeline
- Apr 1, 2022 CVE Published
- Apr 2, 2022 EPSS Score
- Apr 13, 2022 EPSS Score
- May 23, 2022 EPSS Score
- Sep 2, 2022 EPSS Score
- Oct 22, 2022 EPSS Score
- Dec 12, 2022 EPSS Score
- Feb 1, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 23, 2023 EPSS Score
- Jul 3, 2023 EPSS Score
- Aug 22, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-33657 third-party-advisory
- https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9 third-party-advisory
- https://ubuntu.com/security/notices/USN-5398-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-33657 third-party-advisory