{ "data_type": "CVE", "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-33657", "ASSIGNER": "securities@openeuler.org", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "n/a", "product": { "product_data": [ { "product_name": "SDL2", "version": { "version_data": [ { "version_value": "2.x to 2.0.18" } ] } } ] } } ] } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "heap overflow" } ] } ] }, "references": { "reference_data": [ { "refsource": "MISC", "name": "https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9", "url": "https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9" }, { "refsource": "MLIST", "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update", "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html" }, { "refsource": "GENTOO", "name": "GLSA-202305-18", "url": "https://security.gentoo.org/glsa/202305-18" }, { "refsource": "GENTOO", "name": "GLSA-202305-17", "url": "https://security.gentoo.org/glsa/202305-17" } ] }, "description": { "description_data": [ { "lang": "eng", "value": "There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution." } ] } }