Bug 1201977 - (CVE-2022-34568) VUL-0: CVE-2022-34568: SDL2,SDL: Use-after-free via the XFree function at /src/video/x11/SDL_x11yuv.c
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Minor
Assigned To: Security Team bot
https://smash.suse.de/issue/338488/
CVSSv3.1:SUSE:CVE-2022-34568:2.9:(AV:...
Reported: 2022-07-29 08:18 UTC by Hu
Modified: 2022-12-20 11:25 UTC
Found By: Security Response Team


Description Hu 2022-07-29 08:18:30 UTC
CVE-2022-34568

SDL v1.2 was discovered to contain a use-after-free via the XFree function at
/src/video/x11/SDL_x11yuv.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34568
https://github.com/libsdl-org/SDL-1.2/issues/863
http://www.cvedetails.com/cve/CVE-2022-34568/
Comment 1 Hu 2022-07-29 08:18:53 UTC
Fix: https://github.com/libsdl-org/SDL-1.2/commit/d7e00208738a0bc6af302723fe64908ac35b777b

Affected:
- SUSE:SLE-11:Update/SDL       1.2.13

Not Affected:
- SUSE:SLE-12:Update/SDL       1.2.15
- SUSE:SLE-15:Update/SDL       1.2.15
- SUSE:SLE-15-SP2:Update/SDL2  2.0.8
- SUSE:SLE-15:Update/SDL2      2.0.8
- openSUSE:Factory/SDL2        2.0.22
Comment 3 Jia Zhaocong 2022-10-19 03:55:06 UTC
Cleaning up GNOME CVE backlog. The fix has been submitted and accepted. Assign
back to security team.
Comment 4 Hu 2022-12-20 11:25:13 UTC
done