MGASA-2019-0239

Source
https://advisories.mageia.org/MGASA-2019-0239.html
Import Source
https://advisories.mageia.org/MGASA-2019-0239.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2019-0239
Published
2019-09-06T21:09:08Z
Modified
2019-09-06T18:58:37Z
Summary
Updated sdl2 packages fix security vulnerabilities
Details

This release fixes various buffer overflows when parsing or processing damaged Waveform audio and BMP image files.

  • Fix CVE-2019-7572 (a buffer overread in IMA_ADPCM_nibble) (rhbz#1676754)
  • Fix CVE-2019-7572 (a buffer overwrite in IMA_ADPCM_nibble) (rhbz#1676754)
  • Fix CVE-2019-7573, CVE-2019-7576 (buffer overreads in InitMS_ADPCM) (rhbz#1676752, rhbz#1676756)
  • Fix CVE-2019-7574 (a buffer overread in IMA_ADPCM_decode) (rhbz#1676750)
  • Fix CVE-2019-7575 (a buffer overwrite in MS_ADPCM_decode) (rhbz#1676744)
  • Fix CVE-2019-7577 (a buffer overread in MS_ADPCM_decode) (rhbz#1676510)
  • Fix CVE-2019-7578 (a buffer overread in InitIMA_ADPCM) (rhbz#1676782)
  • Fix CVE-2019-7635 (a buffer overread when blitting a BMP image with pixel colors out of the palette) (rhbz#1677159)
  • Fix CVE-2019-7636, CVE-2019-7638 (buffer overflows when processing BMP images with too high a number of colors) (rhbz#1677144, rhbz#1677157)
  • Fix CVE-2019-7637 (an integer overflow in SDL_CalculatePitch) (rhbz#1677152)
  • Reject 2, 3, 5, 6, 7-bpp BMP images (rhbz#1677159)
  • Fix CVE-2010-13616 (heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c)

The 2.0.10 release also provides various features and bug fixes.

Affected packages

Mageia:6 / sdl2

Package

Name
sdl2
Purl
pkg:rpm/mageia/sdl2?distro=mageia-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.0.10-1.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / mingw-SDL2

Package

Name
mingw-SDL2
Purl
pkg:rpm/mageia/mingw-SDL2?distro=mageia-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.0.10-1.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / sdl2

Package

Name
sdl2
Purl
pkg:rpm/mageia/sdl2?distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.0.10-1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / mingw-SDL2

Package

Name
mingw-SDL2
Purl
pkg:rpm/mageia/mingw-SDL2?distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.0.10-1.mga7

Ecosystem specific

{
    "section": "core"
}