CVE-2022-4743 — libsdl2 - security update

Description

A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected.

How to fix CVE-2022-4743

To remediate CVE-2022-4743, upgrade the affected package to a fixed version below.

Debian/libsdl2—upgrade to 2.0.14+dfsg2-3+deb11u2 or later
—upgrade to 2.0.14+dfsg2-3+deb11u2 or later

Is CVE-2022-4743 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 2.0.14+dfsg2-3+deb11u2
from 0, < 2.0.14+dfsg2-3+deb11u2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2022-4743