{"id":"JLSEC-2026-364","details":"There is a heap overflow in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) versions 2.x to 2.0.18. By crafting a malicious .BMP file, an attacker can crash an application that uses this library, causing denial of service, or achieve code execution.","modified":"2026-04-30T14:30:28.949758Z","published":"2026-04-30T14:15:09.088Z","upstream":["CVE-2021-33657"],"database_specific":{"sources":[{"html_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33657","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-33657","modified":"2024-11-21T06:09:17.713Z","id":"CVE-2021-33657","database_specific":{"status":"Modified"},"imported":"2026-04-30T14:02:59.894Z","published":"2022-04-01T23:15:10.363Z"}],"license":"CC-BY-4.0"},"references":[{"type":"WEB","url":"https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9"},{"type":"WEB","url":"https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202305-17"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202305-17"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202305-18"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202305-18"}],"affected":[{"package":{"name":"SDL2_jll","ecosystem":"Julia","purl":"pkg:julia/SDL2_jll?uuid=ab825dc5-c88e-5901-9575-1e5e20358fcf"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"2.0.20+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-364.json"}}],"schema_version":"1.7.5"}