Overview

File _patchinfo of Package patchinfo.22370

<patchinfo incident="22370">
  <issue tracker="bnc" id="1181201">VUL-0: CVE-2020-14410: SDL,SDL2: heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP</issue>
  <issue tracker="bnc" id="1181202">VUL-0: CVE-2020-14409: SDL2,SDL: Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP</issue>
  <issue tracker="cve" id="2020-14409"/>
  <issue tracker="cve" id="2020-14410"/>
  <packager>mgorse</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for SDL2</summary>
  <description>This update for SDL2 fixes the following issues:

- CVE-2020-14409: Fixed Integer Overflow resulting in heap corruption in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP (bsc#1181202).
- CVE-2020-14410: Fixed heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP (bsc#1181201).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places