Aggregates CVE and security vulnerability intelligence across all libsdl-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk buffer overflow and vendor risk memory corruption and related problems; some flaws may lead to vendor impact application crash, affecting vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2019-12218 | An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c. | [email protected] | 6.5 | 1.96% | 2019-05-20 | 2026-06-16 |
| CVE-2019-12217 | An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL stdio_read function in file/SDL_rwops.c. | [email protected] | 6.5 | 2.27% | 2019-05-20 | 2026-06-16 |
| CVE-2019-12216 | An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c. | [email protected] | 6.5 | 2.21% | 2019-05-20 | 2026-06-16 |
| CVE-2019-7638 | SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c. | [email protected] | 8.8 | 2.96% | 2019-02-08 | 2026-06-16 |
| CVE-2019-7637 | SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c. | [email protected] | 8.8 | 3.11% | 2019-02-08 | 2026-06-16 |
| CVE-2019-7636 | SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c. | [email protected] | 8.1 | 2.88% | 2019-02-08 | 2026-06-16 |
| CVE-2019-7635 | SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. | [email protected] | 8.1 | 3.30% | 2019-02-08 | 2026-06-16 |
| CVE-2019-7578 | SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c. | [email protected] | 8.1 | 2.91% | 2019-02-07 | 2026-06-16 |
| CVE-2019-7577 | SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c. | [email protected] | 8.8 | 2.99% | 2019-02-07 | 2026-06-16 |
| CVE-2019-7576 | SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop). | [email protected] | 8.8 | 2.95% | 2019-02-07 | 2026-06-16 |
| CVE-2019-7575 | SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c. | [email protected] | 8.8 | 2.96% | 2019-02-07 | 2026-06-16 |
| CVE-2019-7574 | SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c. | [email protected] | 8.8 | 2.81% | 2019-02-07 | 2026-06-16 |
| CVE-2019-7573 | SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop). | [email protected] | 8.8 | 2.96% | 2019-02-07 | 2026-06-16 |
| CVE-2019-7572 | SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c. | [email protected] | 8.8 | 2.81% | 2019-02-07 | 2026-06-16 |
| CVE-2018-3977 | An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | [email protected] | 8.8 | 3.48% | 2018-11-01 | 2026-06-16 |
| CVE-2017-14450 | A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability. | [email protected] | 7.1 | 1.58% | 2018-04-24 | 2026-06-16 |
| CVE-2017-14449 | A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability. | [email protected] | 7.5 | 1.68% | 2018-04-24 | 2026-06-16 |
| CVE-2017-14448 | An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | [email protected] | 8.8 | 2.40% | 2018-04-24 | 2026-06-16 |
| CVE-2017-14442 | An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | [email protected] | 8.8 | 2.40% | 2018-04-24 | 2026-06-16 |
| CVE-2017-14441 | An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | [email protected] | 8.8 | 2.68% | 2018-04-24 | 2026-06-16 |