CVE-2022-4743
- Source
- https://cve.org/CVERecord?id=CVE-2022-4743
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4743.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-4743
- Downstream
- Related
- Published
- 2023-01-12T19:15:24.457Z
- Modified
- 2026-03-15T22:46:32.362491Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A potential memory leak issue was discovered in SDL2 in GLESCreateTexture() function in SDLrender_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected.
- References
-
- https://lists.debian.org/debian-lts-announce/2025/11/msg00024.html
- https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html
- https://security.gentoo.org/glsa/202305-18
- https://access.redhat.com/security/cve/CVE-2022-4743
- https://bugzilla.redhat.com/show_bug.cgi?id=2156290
- https://github.com/libsdl-org/SDL/commit/00b67f55727bc0944c3266e2b875440da132ce4b
- https://github.com/libsdl-org/SDL/pull/6269
Affected packages
Git / github.com/libsdl-org/sdl
Affected versions
2.*
2.0.22-RC1
2.0.22-RC2
2.0.22-RC3
prerelease-2.*
prerelease-2.23.1
prerelease-2.23.2
prerelease-2.25.1
release-2.*
release-2.0.0
release-2.0.1
release-2.0.10
release-2.0.12
release-2.0.14
release-2.0.16
release-2.0.18
release-2.0.2
release-2.0.20
release-2.0.22
release-2.0.3
release-2.0.4
release-2.0.5
release-2.0.6
release-2.0.7
release-2.0.8
release-2.0.9
release-2.24.0
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4743.json"
vanir_signatures
[
{
"source": "https://github.com/libsdl-org/sdl/commit/00b67f55727bc0944c3266e2b875440da132ce4b",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2022-4743-ddf23b88",
"digest": {
"length": 2275.0,
"function_hash": "277409803952387624747477745203809669219"
},
"signature_type": "Function",
"target": {
"file": "src/render/opengles/SDL_render_gles.c",
"function": "GLES_CreateTexture"
}
},
{
"source": "https://github.com/libsdl-org/sdl/commit/0bfeed061b10ea7dd37c88d9bae1824bad760f3a",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2022-4743-ddfe37e5",
"digest": {
"threshold": 0.9,
"line_hashes": [
"251792957033061759122686147335548417958",
"127828141964869523669479992424363206711",
"301507034874141268998269239494985803004",
"241202815087140268841263205833644788794",
"82924103398456847912393079654827962574"
]
},
"signature_type": "Line",
"target": {
"file": "android-project/app/src/main/java/org/libsdl/app/SDLActivity.java"
}
},
{
"source": "https://github.com/libsdl-org/sdl/commit/00b67f55727bc0944c3266e2b875440da132ce4b",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2022-4743-ffa52585",
"digest": {
"threshold": 0.9,
"line_hashes": [
"142439381264004840443746353990143780546",
"197919423198006125967986276811948504706",
"64978979014250257653026401312700540746",
"42900681341288130968829736364560505798",
"223379653357618446599963554803443243461",
"54600067151669781258380147290063608473",
"291444013731186317572824921900267202966",
"162334293808190679126064066572291388596"
]
},
"signature_type": "Line",
"target": {
"file": "src/render/opengles/SDL_render_gles.c"
}
}
]
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0"
}
]
}
]