ArchLinux: 201908-5 High: sdl2 Arbitrary Code Execution

The package sdl2 before version 2.0.10-1 is vulnerable to arbitrary code execution.

Arch Linux Security Advisory ASA-201908-5
========================================
Severity: High
Date    : 2019-08-05
CVE-ID  : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575
          CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635
          CVE-2019-7636 CVE-2019-7638
Package : sdl2
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-891

Summary
======
The package sdl2 before version 2.0.10-1 is vulnerable to arbitrary
code execution.

Resolution
=========
Upgrade to 2.0.10-1.

# pacman -Syu "sdl2>=2.0.10-1"

The problems have been fixed upstream in version 2.0.10.

Workaround
=========
None.

Description
==========
- CVE-2019-7572 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.

- CVE-2019-7573 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c
(inside the wNumCoef loop).

- CVE-2019-7574 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.

- CVE-2019-7575 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.

- CVE-2019-7576 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c
(outside the wNumCoef loop).

- CVE-2019-7577 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.

- CVE-2019-7578 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.

- CVE-2019-7635 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.

- CVE-2019-7636 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.

- CVE-2019-7638 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.

Impact
=====
An attacker can execute arbitrary code on the affected host via a
crafted audio or video file.

References
=========
https://github.com/libsdl-org/SDL/issues/3159
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15-and-sdl2/25720
https://github.com/libsdl-org/SDL-1.2/commit/1ead4913fc2314a0ce5de06f29a20a8b0b0a5557
https://github.com/libsdl-org/SDL-1.2/commit/f22cbe4a3a2cd87392eec69bdcf2b4bd68b4507b
https://github.com/libsdl-org/SDL/issues/3155
https://github.com/libsdl-org/SDL-1.2/commit/c4a9f0080f928f40e826c49b2e8c057ec7843c2f
https://github.com/libsdl-org/SDL/commit/3f19a6d5e85c71df0fb2b4626b943457d38c2031
https://github.com/libsdl-org/SDL-1.2/issues/785
https://github.com/libsdl-org/SDL-1.2/commit/76871a1c52dc74b8ba2357b9d68c34d765ea9db3
https://github.com/libsdl-org/SDL/issues/3157
https://github.com/libsdl-org/SDL-1.2/commit/c68e0003d2f2b4e50bb1c4412af40c32f0b6396e
https://github.com/libsdl-org/SDL-1.2/issues/835
https://github.com/libsdl-org/SDL/issues/3156
https://github.com/libsdl-org/SDL-1.2/commit/68f914a78ef09a4d2db43e0c7c2848a6b7c03655
https://github.com/libsdl-org/SDL-1.2/commit/82e503c2e026a8eee64e199c2648c296d924a5ab
https://github.com/libsdl-org/SDL/issues/3158
https://github.com/libsdl-org/SDL/issues/3160
https://github.com/libsdl-org/SDL/commit/8bc59f87ecb8d7cd1e47b8a6c2c30d9c58ecf7a7
https://github.com/libsdl-org/SDL-1.2/commit/32c57bf53b18dafb7298d6e9113632728e8fe1ba
https://github.com/libsdl-org/SDL/issues/3161
https://github.com/libsdl-org/SDL-1.2/commit/3c6f20586bb4ba074c73bb3e06d7123e57d4a226
https://github.com/libsdl-org/SDL/commit/ea4c4cfc28e19ec1fc7ae69a70f70943f7933b38
https://github.com/libsdl-org/SDL-1.2/issues/787
https://security.archlinux.org/CVE-2019-7572
https://security.archlinux.org/CVE-2019-7573
https://security.archlinux.org/CVE-2019-7574
https://security.archlinux.org/CVE-2019-7575
https://security.archlinux.org/CVE-2019-7576
https://security.archlinux.org/CVE-2019-7577
https://security.archlinux.org/CVE-2019-7578
https://security.archlinux.org/CVE-2019-7635
https://security.archlinux.org/CVE-2019-7636
https://security.archlinux.org/CVE-2019-7638

ArchLinux: 201908-5 High Severity: sdl2 Arbitrary Code Execution

Topics Covered

Search Advisories & Updates

Recent Searches

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

ArchLinux: 201908-5 High Severity: sdl2 Arbitrary Code Execution

Topics Covered

Search Advisories & Updates

Recent Searches

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!