SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. CREATE(Triage):(User=admin) CVE-2020-14410 (https://nvd.nist.gov/vuln/detail/CVE-2020-14410)