CVE-2022-4743 in SDL2
Summary
by MITRE • 01/12/2023
A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 11/28/2025
The vulnerability identified as CVE-2022-4743 represents a memory leak condition within the Simple DirectMedia Layer 2 (SDL2) multimedia library that specifically impacts the GLES_CreateTexture() function located in SDL_render_gles.c. This flaw exists in SDL2 versions 2.0.4 and later, with SDL-1.x versions remaining unaffected by this particular issue. The memory leak occurs during the texture creation process when utilizing OpenGL ES rendering backend, which is commonly employed in multimedia applications, games, and graphical software that rely on SDL2 for cross-platform rendering capabilities.
The technical nature of this vulnerability stems from improper memory management within the GLES_CreateTexture() function where allocated memory resources are not consistently released when texture creation fails or encounters errors during execution. This memory leak manifests when the function attempts to create OpenGL ES textures but fails to properly clean up previously allocated memory blocks, leading to gradual memory consumption over time. The flaw operates at the rendering subsystem level of SDL2, specifically affecting applications that utilize the OpenGL ES graphics API through the SDL2 rendering interface. When multiple texture creation operations occur in succession or when applications repeatedly create and destroy textures without proper cleanup, the cumulative effect results in memory exhaustion.
The operational impact of this vulnerability extends to denial of service conditions where applications utilizing SDL2 with OpenGL ES rendering may experience progressive memory consumption that eventually leads to system resource exhaustion. Attackers can exploit this vulnerability by crafting specific sequences of texture creation requests that trigger the memory leak scenario, causing applications to consume increasing amounts of memory until system performance degrades significantly or the application crashes entirely. This vulnerability is particularly concerning in long-running applications such as games, multimedia players, or server applications that frequently create and destroy textures during runtime operations, as the memory leak can accumulate unnoticed over extended periods, ultimately resulting in system instability or complete application failure.
Mitigation strategies for this vulnerability primarily involve updating to patched versions of SDL2 where the memory leak in GLES_CreateTexture() has been resolved through proper memory management practices and resource cleanup procedures. System administrators and developers should prioritize updating their SDL2 dependencies to versions that contain the necessary fixes, as this vulnerability affects the core rendering functionality of applications built on SDL2. Additionally, implementing proper application-level memory monitoring and resource management practices can help detect and mitigate the impact of such memory leaks in environments where immediate updates are not feasible. The vulnerability aligns with CWE-401, which specifically addresses improper release of memory, and represents a typical example of how rendering subsystem flaws can lead to denial of service conditions in multimedia applications. Organizations should also consider implementing runtime monitoring solutions that can detect unusual memory consumption patterns and alert administrators to potential exploitation of such vulnerabilities.