Arch Linux Security Advisory ASA-201908-5
========================================
Severity: High
Date    : 2019-08-05
CVE-ID  : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575
          CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635
          CVE-2019-7636 CVE-2019-7638
Package : sdl2
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-891

Summary
======
The package sdl2 before version 2.0.10-1 is vulnerable to arbitrary
code execution.

Resolution
=========
Upgrade to 2.0.10-1.

# pacman -Syu "sdl2>=2.0.10-1"

The problems have been fixed upstream in version 2.0.10.

Workaround
=========
None.

Description
==========
- CVE-2019-7572 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.

- CVE-2019-7573 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c
(inside the wNumCoef loop).

- CVE-2019-7574 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.

- CVE-2019-7575 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.

- CVE-2019-7576 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c
(outside the wNumCoef loop).

- CVE-2019-7577 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.

- CVE-2019-7578 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.

- CVE-2019-7635 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.

- CVE-2019-7636 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.

- CVE-2019-7638 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.

Impact
=====
An attacker can execute arbitrary code on the affected host via a
crafted audio or video file.

References
=========
https://github.com/libsdl-org/SDL/issues/3159
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15-and-sdl2/25720
https://github.com/libsdl-org/SDL-1.2/commit/1ead4913fc2314a0ce5de06f29a20a8b0b0a5557
https://github.com/libsdl-org/SDL-1.2/commit/f22cbe4a3a2cd87392eec69bdcf2b4bd68b4507b
https://github.com/libsdl-org/SDL/issues/3155
https://github.com/libsdl-org/SDL-1.2/commit/c4a9f0080f928f40e826c49b2e8c057ec7843c2f
https://github.com/libsdl-org/SDL/commit/3f19a6d5e85c71df0fb2b4626b943457d38c2031
https://github.com/libsdl-org/SDL-1.2/issues/785
https://github.com/libsdl-org/SDL-1.2/commit/76871a1c52dc74b8ba2357b9d68c34d765ea9db3
https://github.com/libsdl-org/SDL/issues/3157
https://github.com/libsdl-org/SDL-1.2/commit/c68e0003d2f2b4e50bb1c4412af40c32f0b6396e
https://github.com/libsdl-org/SDL-1.2/issues/835
https://github.com/libsdl-org/SDL/issues/3156
https://github.com/libsdl-org/SDL-1.2/commit/68f914a78ef09a4d2db43e0c7c2848a6b7c03655
https://github.com/libsdl-org/SDL-1.2/commit/82e503c2e026a8eee64e199c2648c296d924a5ab
https://github.com/libsdl-org/SDL/issues/3158
https://github.com/libsdl-org/SDL/issues/3160
https://github.com/libsdl-org/SDL/commit/8bc59f87ecb8d7cd1e47b8a6c2c30d9c58ecf7a7
https://github.com/libsdl-org/SDL-1.2/commit/32c57bf53b18dafb7298d6e9113632728e8fe1ba
https://github.com/libsdl-org/SDL/issues/3161
https://github.com/libsdl-org/SDL-1.2/commit/3c6f20586bb4ba074c73bb3e06d7123e57d4a226
https://github.com/libsdl-org/SDL/commit/ea4c4cfc28e19ec1fc7ae69a70f70943f7933b38
https://github.com/libsdl-org/SDL-1.2/issues/787
https://security.archlinux.org/CVE-2019-7572
https://security.archlinux.org/CVE-2019-7573
https://security.archlinux.org/CVE-2019-7574
https://security.archlinux.org/CVE-2019-7575
https://security.archlinux.org/CVE-2019-7576
https://security.archlinux.org/CVE-2019-7577
https://security.archlinux.org/CVE-2019-7578
https://security.archlinux.org/CVE-2019-7635
https://security.archlinux.org/CVE-2019-7636
https://security.archlinux.org/CVE-2019-7638

ArchLinux: 201908-5: sdl2: arbitrary code execution

August 7, 2019

Summary

- CVE-2019-7572 (arbitrary code execution) SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.
- CVE-2019-7573 (arbitrary code execution)
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).
- CVE-2019-7574 (arbitrary code execution)
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.
- CVE-2019-7575 (arbitrary code execution)
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.
- CVE-2019-7576 (arbitrary code execution)
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).
- CVE-2019-7577 (arbitrary code execution)
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.
- CVE-2019-7578 (arbitrary code execution)
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.
- CVE-2019-7635 (arbitrary code execution)
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.
- CVE-2019-7636 (arbitrary code execution)
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.
- CVE-2019-7638 (arbitrary code execution)
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.

Resolution

Upgrade to 2.0.10-1. # pacman -Syu "sdl2>=2.0.10-1"
The problems have been fixed upstream in version 2.0.10.

References

https://github.com/libsdl-org/SDL/issues/3159 https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15-and-sdl2/25720 https://github.com/libsdl-org/SDL-1.2/commit/1ead4913fc2314a0ce5de06f29a20a8b0b0a5557 https://github.com/libsdl-org/SDL-1.2/commit/f22cbe4a3a2cd87392eec69bdcf2b4bd68b4507b https://github.com/libsdl-org/SDL/issues/3155 https://github.com/libsdl-org/SDL-1.2/commit/c4a9f0080f928f40e826c49b2e8c057ec7843c2f https://github.com/libsdl-org/SDL/commit/3f19a6d5e85c71df0fb2b4626b943457d38c2031 https://github.com/libsdl-org/SDL-1.2/issues/785 https://github.com/libsdl-org/SDL-1.2/commit/76871a1c52dc74b8ba2357b9d68c34d765ea9db3 https://github.com/libsdl-org/SDL/issues/3157 https://github.com/libsdl-org/SDL-1.2/commit/c68e0003d2f2b4e50bb1c4412af40c32f0b6396e https://github.com/libsdl-org/SDL-1.2/issues/835 https://github.com/libsdl-org/SDL/issues/3156 https://github.com/libsdl-org/SDL-1.2/commit/68f914a78ef09a4d2db43e0c7c2848a6b7c03655 https://github.com/libsdl-org/SDL-1.2/commit/82e503c2e026a8eee64e199c2648c296d924a5ab https://github.com/libsdl-org/SDL/issues/3158 https://github.com/libsdl-org/SDL/issues/3160 https://github.com/libsdl-org/SDL/commit/8bc59f87ecb8d7cd1e47b8a6c2c30d9c58ecf7a7 https://github.com/libsdl-org/SDL-1.2/commit/32c57bf53b18dafb7298d6e9113632728e8fe1ba https://github.com/libsdl-org/SDL/issues/3161 https://github.com/libsdl-org/SDL-1.2/commit/3c6f20586bb4ba074c73bb3e06d7123e57d4a226 https://github.com/libsdl-org/SDL/commit/ea4c4cfc28e19ec1fc7ae69a70f70943f7933b38 https://github.com/libsdl-org/SDL-1.2/issues/787 https://security.archlinux.org/CVE-2019-7572 https://security.archlinux.org/CVE-2019-7573 https://security.archlinux.org/CVE-2019-7574 https://security.archlinux.org/CVE-2019-7575 https://security.archlinux.org/CVE-2019-7576 https://security.archlinux.org/CVE-2019-7577 https://security.archlinux.org/CVE-2019-7578 https://security.archlinux.org/CVE-2019-7635 https://security.archlinux.org/CVE-2019-7636 https://security.archlinux.org/CVE-2019-7638

Severity
CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635
CVE-2019-7636 CVE-2019-7638
Package : sdl2
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-891

Workaround

None.

Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved