Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 692386 (CVE-2019-13616, CVE-2019-7572, CVE-2019-7573, CVE-2019-7574, CVE-2019-7575, CVE-2019-7576, CVE-2019-7577, CVE-2019-7578, CVE-2019-7635, CVE-2019-7636, CVE-2019-7638) - [TRACKER] Simple DirectMedia Layer: multiple vulnerabilities (CVE-2019-{7572,7573,7574,7575,7576,7577,7578,7635,7636,7638,13616})
Summary: [TRACKER] Simple DirectMedia Layer: multiple vulnerabilities (CVE-2019-{7572,...
Status: RESOLVED FIXED
Alias: CVE-2019-13616, CVE-2019-7572, CVE-2019-7573, CVE-2019-7574, CVE-2019-7575, CVE-2019-7576, CVE-2019-7577, CVE-2019-7578, CVE-2019-7635, CVE-2019-7636, CVE-2019-7638
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords: Tracker
Depends on: 692388 692392 772194
Blocks:
  Show dependency tree
 
Reported: 2019-08-17 22:37 UTC by GLSAMaker/CVETool Bot
Modified: 2023-05-03 10:12 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2019-08-17 22:37:12 UTC
CVE-2019-7572 (https://nvd.nist.gov/vuln/detail/CVE-2019-7572):
  SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
  buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.

CVE-2019-7573 (https://nvd.nist.gov/vuln/detail/CVE-2019-7573):
  SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
  heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the
  wNumCoef loop).

CVE-2019-7574 (https://nvd.nist.gov/vuln/detail/CVE-2019-7574):
  SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
  heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.

CVE-2019-7575 (https://nvd.nist.gov/vuln/detail/CVE-2019-7575):
  SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
  heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.

CVE-2019-7576 (https://nvd.nist.gov/vuln/detail/CVE-2019-7576):
  SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
  heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the
  wNumCoef loop).

CVE-2019-7577 (https://nvd.nist.gov/vuln/detail/CVE-2019-7577):
  SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
  buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.

CVE-2019-7578 (https://nvd.nist.gov/vuln/detail/CVE-2019-7578):
  SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
  heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.

CVE-2019-7635 (https://nvd.nist.gov/vuln/detail/CVE-2019-7635):
  SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
  heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.

CVE-2019-7636 (https://nvd.nist.gov/vuln/detail/CVE-2019-7636):
  SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
  heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.

CVE-2019-7638 (https://nvd.nist.gov/vuln/detail/CVE-2019-7638):
  SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
  heap-based buffer over-read in Map1toN in video/SDL_pixels.c.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-02-22 21:48:40 UTC
CVE-2019-13616:

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.

Upstream issue: https://github.com/libsdl-org/SDL-1.2/issues/790
Patch: https://github.com/libsdl-org/SDL-1.2/commit/31a87d75f15c7acd9470fab9ceb129c0a255871f