CVE-2022-4743

NameCVE-2022-4743
DescriptionA potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3314-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libsdl2 (PTS)bullseye2.0.14+dfsg2-3+deb11u1vulnerable
bookworm2.26.5+dfsg-1fixed
sid, trixie2.30.5+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libsdl2sourcebuster2.0.9+dfsg1-1+deb10u1DLA-3314-1
libsdl2source(unstable)2.26.0+dfsg-1

Notes

[bullseye] - libsdl2 <no-dsa> (Minor issue)
https://bugzilla.redhat.com/show_bug.cgi?id=2156290
https://github.com/libsdl-org/SDL/pull/6269
Fixed by: https://github.com/libsdl-org/SDL/commit/00b67f55727bc0944c3266e2b875440da132ce4b (prerelease-2.25.1)

Search for package or bug name: Reporting problems