Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 692392

Summary: <media-libs/libsdl2-2.0.10: multiple vulnerabilities (CVE-2019-{7572,7573,7574,7575,7576,7577,7578,7635,7636,7638})
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: games
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=690064
Whiteboard: B2 [glsa+ cve]
Package list:
Runtime testing required: ---
Bug Depends on: 690064    
Bug Blocks: 692386    

Description GLSAMaker/CVETool Bot gentoo-dev 2019-08-17 22:40:07 UTC 
CVE-2019-7572 (https://nvd.nist.gov/vuln/detail/CVE-2019-7572):
  SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
  buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.

CVE-2019-7573 (https://nvd.nist.gov/vuln/detail/CVE-2019-7573):
  SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
  heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the
  wNumCoef loop).

CVE-2019-7574 (https://nvd.nist.gov/vuln/detail/CVE-2019-7574):
  SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
  heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.

CVE-2019-7575 (https://nvd.nist.gov/vuln/detail/CVE-2019-7575):
  SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
  heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.

CVE-2019-7576 (https://nvd.nist.gov/vuln/detail/CVE-2019-7576):
  SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
  heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the
  wNumCoef loop).

CVE-2019-7577 (https://nvd.nist.gov/vuln/detail/CVE-2019-7577):
  SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
  buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.

CVE-2019-7578 (https://nvd.nist.gov/vuln/detail/CVE-2019-7578):
  SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
  heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.

CVE-2019-7635 (https://nvd.nist.gov/vuln/detail/CVE-2019-7635):
  SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
  heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.

CVE-2019-7636 (https://nvd.nist.gov/vuln/detail/CVE-2019-7636):
  SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
  heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.

CVE-2019-7638 (https://nvd.nist.gov/vuln/detail/CVE-2019-7638):
  SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
  heap-based buffer over-read in Map1toN in video/SDL_pixels.c.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2019-09-08 17:47:21 UTC 
This issue was resolved and addressed in
 GLSA 201909-07 at https://security.gentoo.org/glsa/201909-07
by GLSA coordinator Thomas Deutschmann (whissi).