CVE-2021-33657: There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution.
Please clean up.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cef47e4e9a0a9bef8a22dbfb6bb9a2778aedd5b9

commit cef47e4e9a0a9bef8a22dbfb6bb9a2778aedd5b9
Author: James Le Cuirot <chewi@gentoo.org>
AuthorDate: 2022-04-14 21:31:12 +0000
Commit: James Le Cuirot <chewi@gentoo.org>
CommitDate: 2022-04-14 21:31:12 +0000

    media-libs/libsdl2: Drop old and vulnerable 2.0.16-r1

    Bug: https://bugs.gentoo.org/836665
    Signed-off-by: James Le Cuirot <chewi@gentoo.org>

 media-libs/libsdl2/Manifest | 1 -
 media-libs/libsdl2/libsdl2-2.0.16-r1.ebuild | 230 ----------------------------
 2 files changed, 231 deletions(-)
This seems to affect media-libs/libsdl too: https://github.com/libsdl-org/SDL-1.2/commit/d95c1a4bbd644baba748d341b03141e5f0481ae6.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9939f85601cbca6f6cd1ee7f39f4f8c170358595

commit 9939f85601cbca6f6cd1ee7f39f4f8c170358595
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-12-16 04:35:02 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-12-16 04:35:02 +0000

    media-libs/libsdl: add 1.2.15_p20221201

    Fixes CVE-2021-33657.

    Bug: https://bugs.gentoo.org/836665
    Signed-off-by: Sam James <sam@gentoo.org>

 media-libs/libsdl/Manifest | 1 +
 media-libs/libsdl/libsdl-1.2.15_p20221201.ebuild | 166 +++++++++++++++++++++++
 2 files changed, 167 insertions(+)
GLSA request filed (for libsdl only)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=1df848183ceabb2deaed160a1e0f1606600e81b7

commit 1df848183ceabb2deaed160a1e0f1606600e81b7
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-03 10:04:24 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-05-03 10:05:29 +0000

    [ GLSA 202305-18 ] libsdl2: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/836665
    Bug: https://bugs.gentoo.org/890614
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202305-18.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

https://gitweb.gentoo.org/data/glsa.git/commit/?id=dc3bc707b0c4671c9ae4a89a5b6777e764f0c3ad

commit dc3bc707b0c4671c9ae4a89a5b6777e764f0c3ad
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-03 10:04:10 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-05-03 10:05:29 +0000

    [ GLSA 202305-17 ] libsdl: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/692388
    Bug: https://bugs.gentoo.org/836665
    Bug: https://bugs.gentoo.org/861809
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202305-17.xml | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)