Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 692392 - <media-libs/libsdl2-2.0.10: multiple vulnerabilities (CVE-2019-{7572,7573,7574,7575,7576,7577,7578,7635,7636,7638})
Summary: <media-libs/libsdl2-2.0.10: multiple vulnerabilities (CVE-2019-{7572,7573,757...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa+ cve]
Keywords:
Depends on: CVE-2019-13626
Blocks: CVE-2019-13616, CVE-2019-7572, CVE-2019-7573, CVE-2019-7574, CVE-2019-7575, CVE-2019-7576, CVE-2019-7577, CVE-2019-7578, CVE-2019-7635, CVE-2019-7636, CVE-2019-7638
  Show dependency tree
 
Reported: 2019-08-17 22:40 UTC by GLSAMaker/CVETool Bot
Modified: 2019-09-08 17:47 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2019-08-17 22:40:07 UTC 
CVE-2019-7572 (https://nvd.nist.gov/vuln/detail/CVE-2019-7572):
  SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
  buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.

CVE-2019-7573 (https://nvd.nist.gov/vuln/detail/CVE-2019-7573):
  SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
  heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the
  wNumCoef loop).

CVE-2019-7574 (https://nvd.nist.gov/vuln/detail/CVE-2019-7574):
  SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
  heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.

CVE-2019-7575 (https://nvd.nist.gov/vuln/detail/CVE-2019-7575):
  SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
  heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.

CVE-2019-7576 (https://nvd.nist.gov/vuln/detail/CVE-2019-7576):
  SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
  heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the
  wNumCoef loop).

CVE-2019-7577 (https://nvd.nist.gov/vuln/detail/CVE-2019-7577):
  SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
  buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.

CVE-2019-7578 (https://nvd.nist.gov/vuln/detail/CVE-2019-7578):
  SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
  heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.

CVE-2019-7635 (https://nvd.nist.gov/vuln/detail/CVE-2019-7635):
  SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
  heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.

CVE-2019-7636 (https://nvd.nist.gov/vuln/detail/CVE-2019-7636):
  SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
  heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.

CVE-2019-7638 (https://nvd.nist.gov/vuln/detail/CVE-2019-7638):
  SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
  heap-based buffer over-read in Map1toN in video/SDL_pixels.c.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2019-09-08 17:47:21 UTC 
This issue was resolved and addressed in
 GLSA 201909-07 at https://security.gentoo.org/glsa/201909-07
by GLSA coordinator Thomas Deutschmann (whissi).