ArchLinux: 201910-8: sdl: arbitrary code execution

    Date: 11 Oct 2019
    Category: ArchLinux
    Posted By: LinuxSecurity Advisories
    The package sdl before version 1.2.15-13 is vulnerable to arbitrary code execution.
    Arch Linux Security Advisory ASA-201910-8
    =========================================
    
    Severity: High
    Date    : 2019-10-11
    CVE-ID  : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575
              CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635
              CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 CVE-2019-13616
    Package : sdl
    Type    : arbitrary code execution
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-890
    
    Summary
    =======
    
    The package sdl before version 1.2.15-13 is vulnerable to arbitrary
    code execution.
    
    Resolution
    ==========
    
    Upgrade to 1.2.15-13.
    
    # pacman -Syu "sdl>=1.2.15-13"
    
    The problems have been fixed upstream but no release is available yet.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2019-7572 (arbitrary code execution)
    
    SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
    a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.
    
    - CVE-2019-7573 (arbitrary code execution)
    
    SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
    a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c
    (inside the wNumCoef loop).
    
    - CVE-2019-7574 (arbitrary code execution)
    
    SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
    a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.
    
    - CVE-2019-7575 (arbitrary code execution)
    
    SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
    a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.
    
    - CVE-2019-7576 (arbitrary code execution)
    
    SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
    a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c
    (outside the wNumCoef loop).
    
    - CVE-2019-7577 (arbitrary code execution)
    
    SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
    a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.
    
    - CVE-2019-7578 (arbitrary code execution)
    
    SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
    a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.
    
    - CVE-2019-7635 (arbitrary code execution)
    
    SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
    a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.
    
    - CVE-2019-7636 (arbitrary code execution)
    
    SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
    a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.
    
    - CVE-2019-7637 (arbitrary code execution)
    
    SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
    a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.
    
    - CVE-2019-7638 (arbitrary code execution)
    
    SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
    a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.
    
    - CVE-2019-13616 (arbitrary code execution)
    
    A heap-based buffer overflow was discovered in SDL in the
    SDL_BlitCopy() function, that was called while copying an existing
    surface into a new optimized one, due to lack of validation while
    loading a BMP image in the SDL_LoadBMP_RW() function. An application
    that uses SDL to parse untrusted input files may be vulnerable to this
    flaw, which could allow an attacker to make the application crash or
    possibly execute code.
    
    Impact
    ======
    
    An attacker can execute arbitrary code on the affected host via a
    crafted audio, image or video file.
    
    References
    ==========
    
    https://bugzilla.libsdl.org/show_bug.cgi?id=4495
    https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15-and-sdl2/25720
    https://hg.libsdl.org/SDL/rev/e52413f52586
    https://hg.libsdl.org/SDL/rev/a8afedbcaea0
    https://bugzilla.libsdl.org/show_bug.cgi?id=4491
    https://hg.libsdl.org/SDL/rev/388987dff7bf
    https://hg.libsdl.org/SDL/rev/f9a9d6c76b21
    https://bugzilla.libsdl.org/show_bug.cgi?id=4496
    https://hg.libsdl.org/SDL/rev/a6e3d2f5183e
    https://bugzilla.libsdl.org/show_bug.cgi?id=4493
    https://hg.libsdl.org/SDL/rev/a936f9bd3e38
    https://bugzilla.libsdl.org/show_bug.cgi?id=4490
    https://bugzilla.libsdl.org/show_bug.cgi?id=4492
    https://hg.libsdl.org/SDL/rev/faf9bbcfb5f
    https://hg.libsdl.org/SDL/rev/416136310b88
    https://bugzilla.libsdl.org/show_bug.cgi?id=4494
    https://bugzilla.libsdl.org/show_bug.cgi?id=4498
    https://hg.libsdl.org/SDL/rev/7c643f1c1887
    https://hg.libsdl.org/SDL/rev/f1f5878be5db
    https://bugzilla.libsdl.org/show_bug.cgi?id=4499
    https://hg.libsdl.org/SDL/rev/19d8c3b9c251
    https://hg.libsdl.org/SDL/rev/07c39cbbeacf
    https://bugzilla.libsdl.org/show_bug.cgi?id=4497
    https://hg.libsdl.org/SDL/rev/9b0e5c555c0f
    https://bugzilla.libsdl.org/show_bug.cgi?id=4500
    https://bugzilla.libsdl.org/show_bug.cgi?id=4538
    https://hg.libsdl.org/SDL/rev/ad1bbfbca760
    https://security.archlinux.org/CVE-2019-7572
    https://security.archlinux.org/CVE-2019-7573
    https://security.archlinux.org/CVE-2019-7574
    https://security.archlinux.org/CVE-2019-7575
    https://security.archlinux.org/CVE-2019-7576
    https://security.archlinux.org/CVE-2019-7577
    https://security.archlinux.org/CVE-2019-7578
    https://security.archlinux.org/CVE-2019-7635
    https://security.archlinux.org/CVE-2019-7636
    https://security.archlinux.org/CVE-2019-7637
    https://security.archlinux.org/CVE-2019-7638
    https://security.archlinux.org/CVE-2019-13616
    