This bug report was migrated from our old Bugzilla tracker.
Reported in version: 2.0.12
Reported for operating system, platform: All, x86_64
Comments on the original bug report:
On 2020-06-19 03:26:05 +0000, Carlos Andres Ramirez wrote:
This has recently been FIXED, added here for reference for all parties.
On June 17th, two security issues were reported to the SDL team regarding (1) a Buffer Overflow in video/SDL_blit_N.c and (2) an Integer Overflow leading to Heap Corruption in video/SDL_blit_copy.c. As a result of both of these issues, an attacker could crash/DOS/take control of the application via a specially crafted .BMP file.
A patch was quickly released by the team.
After analysis of the PoC, both of the issues were fixed by making several changes in three different parts of video/SDL_surface.c, which prevents the bad input from reaching the exploitable functions.