ArchLinux: 201908-5: sdl2: arbitrary code execution

    Date: 07 Aug 2019
    Category: ArchLinux
    Posted By: LinuxSecurity Advisories
    The package sdl2 before version 2.0.10-1 is vulnerable to arbitrary code execution.
    Arch Linux Security Advisory ASA-201908-5
    =========================================
    
    Severity: High
    Date    : 2019-08-05
    CVE-ID  : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575
              CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635
              CVE-2019-7636 CVE-2019-7638
    Package : sdl2
    Type    : arbitrary code execution
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-891
    
    Summary
    =======
    
    The package sdl2 before version 2.0.10-1 is vulnerable to arbitrary
    code execution.
    
    Resolution
    ==========
    
    Upgrade to 2.0.10-1.
    
    # pacman -Syu "sdl2>=2.0.10-1"
    
    The problems have been fixed upstream in version 2.0.10.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2019-7572 (arbitrary code execution)
    
    SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
    a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.
    
    - CVE-2019-7573 (arbitrary code execution)
    
    SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
    a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c
    (inside the wNumCoef loop).
    
    - CVE-2019-7574 (arbitrary code execution)
    
    SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
    a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.
    
    - CVE-2019-7575 (arbitrary code execution)
    
    SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
    a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.
    
    - CVE-2019-7576 (arbitrary code execution)
    
    SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
    a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c
    (outside the wNumCoef loop).
    
    - CVE-2019-7577 (arbitrary code execution)
    
    SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
    a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.
    
    - CVE-2019-7578 (arbitrary code execution)
    
    SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
    a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.
    
    - CVE-2019-7635 (arbitrary code execution)
    
    SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
    a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.
    
    - CVE-2019-7636 (arbitrary code execution)
    
    SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
    a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.
    
    - CVE-2019-7638 (arbitrary code execution)
    
    SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
    a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.
    
    Impact
    ======
    
    An attacker can execute arbitrary code on the affected host via a
    crafted audio or video file.
    
    References
    ==========
    
    https://bugzilla.libsdl.org/show_bug.cgi?id=4495
    https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15-and-sdl2/25720
    https://hg.libsdl.org/SDL/rev/e52413f52586
    https://hg.libsdl.org/SDL/rev/a8afedbcaea0
    https://bugzilla.libsdl.org/show_bug.cgi?id=4491
    https://hg.libsdl.org/SDL/rev/388987dff7bf
    https://hg.libsdl.org/SDL/rev/f9a9d6c76b21
    https://bugzilla.libsdl.org/show_bug.cgi?id=4496
    https://hg.libsdl.org/SDL/rev/a6e3d2f5183e
    https://bugzilla.libsdl.org/show_bug.cgi?id=4493
    https://hg.libsdl.org/SDL/rev/a936f9bd3e38
    https://bugzilla.libsdl.org/show_bug.cgi?id=4490
    https://bugzilla.libsdl.org/show_bug.cgi?id=4492
    https://hg.libsdl.org/SDL/rev/faf9abbcfb5f
    https://hg.libsdl.org/SDL/rev/416136310b88
    https://bugzilla.libsdl.org/show_bug.cgi?id=4494
    https://bugzilla.libsdl.org/show_bug.cgi?id=4498
    https://hg.libsdl.org/SDL/rev/7c643f1c1887
    https://hg.libsdl.org/SDL/rev/f1f5878be5db
    https://bugzilla.libsdl.org/show_bug.cgi?id=4499
    https://hg.libsdl.org/SDL/rev/19d8c3b9c251
    https://hg.libsdl.org/SDL/rev/07c39cbbeacf
    https://bugzilla.libsdl.org/show_bug.cgi?id=4500
    https://security.archlinux.org/CVE-2019-7572
    https://security.archlinux.org/CVE-2019-7573
    https://security.archlinux.org/CVE-2019-7574
    https://security.archlinux.org/CVE-2019-7575
    https://security.archlinux.org/CVE-2019-7576
    https://security.archlinux.org/CVE-2019-7577
    https://security.archlinux.org/CVE-2019-7578
    https://security.archlinux.org/CVE-2019-7635
    https://security.archlinux.org/CVE-2019-7636
    https://security.archlinux.org/CVE-2019-7638
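
To confirm that the Resolution step took effect, the following check compares an sdl2 version against the fixed release 2.0.10-1 and can be run over a package inventory. It is an added example, not part of the Arch advisory; the function names, the "host package version" inventory format and the sample hosts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag sdl2 installs older than the fix in ASA-201908-5.
FIXED="2.0.10-1"   # fixed package version, taken from the advisory

# ver_ge A B: succeed when version A >= B. Prefers pacman's own vercmp;
# the awk fallback compares purely numeric "pkgver-pkgrel" strings
# field by field (no epoch or alpha suffixes), which is an approximation.
ver_ge() {
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -ge 0 ]
    else
        awk -v a="$1" -v b="$2" 'BEGIN {
            n = split(a, x, /[.-]/); m = split(b, y, /[.-]/)
            for (i = 1; i <= (n > m ? n : m); i++)
                if (x[i] + 0 != y[i] + 0) exit (x[i] + 0 < y[i] + 0)
            exit 0
        }'
    fi
}

# sdl2_status VERSION: print OK, VULNERABLE or NOT-INSTALLED.
sdl2_status() {
    if [ -z "$1" ]; then echo "NOT-INSTALLED"
    elif ver_ge "$1" "$FIXED"; then echo "OK"
    else echo "VULNERABLE"
    fi
}

# audit_inventory: read "host package version" lines on stdin
# (hypothetical inventory format) and report each sdl2 entry.
audit_inventory() {
    while read -r host pkg ver; do
        [ "$pkg" = "sdl2" ] || continue
        printf '%s %s %s\n' "$host" "$ver" "$(sdl2_status "$ver")"
    done
}

# Constructed sample inventory; hosts and versions are made up.
SAMPLE='web01 sdl2 2.0.9-1
kiosk02 sdl2 2.0.10-1
dev03 sdl2 2.0.10-2
dev03 zlib 1.2.11-3'

# On an Arch host, report the locally installed package first.
if command -v pacman >/dev/null 2>&1; then
    sdl2_status "$(pacman -Q sdl2 2>/dev/null | awk '{print $2}')"
fi
printf '%s\n' "$SAMPLE" | audit_inventory
```

Processes that loaded the old library keep it mapped until they are restarted, so restart SDL-based applications after upgrading.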
    
    