Arch Linux Security Advisory ASA-201908-5
========================================
Severity: High
Date    : 2019-08-05
CVE-ID  : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575
          CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635
          CVE-2019-7636 CVE-2019-7638
Package : sdl2
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-891

Summary
======
The package sdl2 before version 2.0.10-1 is vulnerable to arbitrary
code execution.

Resolution
=========
Upgrade to 2.0.10-1.

# pacman -Syu "sdl2>=2.0.10-1"

The problems have been fixed upstream in version 2.0.10.

Workaround
=========
None.

Description
==========
- CVE-2019-7572 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.

- CVE-2019-7573 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c
(inside the wNumCoef loop).

- CVE-2019-7574 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.

- CVE-2019-7575 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.

- CVE-2019-7576 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c
(outside the wNumCoef loop).

- CVE-2019-7577 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.

- CVE-2019-7578 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.

- CVE-2019-7635 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.

- CVE-2019-7636 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.

- CVE-2019-7638 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.

Impact
=====
An attacker can execute arbitrary code on the affected host via a
crafted audio or video file.

References
=========
https://github.com/libsdl-org/SDL/issues/3159
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15-and-sdl2/25720
https://github.com/libsdl-org/SDL-1.2/commit/1ead4913fc2314a0ce5de06f29a20a8b0b0a5557
https://github.com/libsdl-org/SDL-1.2/commit/f22cbe4a3a2cd87392eec69bdcf2b4bd68b4507b
https://github.com/libsdl-org/SDL/issues/3155
https://github.com/libsdl-org/SDL-1.2/commit/c4a9f0080f928f40e826c49b2e8c057ec7843c2f
https://github.com/libsdl-org/SDL/commit/3f19a6d5e85c71df0fb2b4626b943457d38c2031
https://github.com/libsdl-org/SDL-1.2/issues/785
https://github.com/libsdl-org/SDL-1.2/commit/76871a1c52dc74b8ba2357b9d68c34d765ea9db3
https://github.com/libsdl-org/SDL/issues/3157
https://github.com/libsdl-org/SDL-1.2/commit/c68e0003d2f2b4e50bb1c4412af40c32f0b6396e
https://github.com/libsdl-org/SDL-1.2/issues/835
https://github.com/libsdl-org/SDL/issues/3156
https://github.com/libsdl-org/SDL-1.2/commit/68f914a78ef09a4d2db43e0c7c2848a6b7c03655
https://github.com/libsdl-org/SDL-1.2/commit/82e503c2e026a8eee64e199c2648c296d924a5ab
https://github.com/libsdl-org/SDL/issues/3158
https://github.com/libsdl-org/SDL/issues/3160
https://github.com/libsdl-org/SDL/commit/8bc59f87ecb8d7cd1e47b8a6c2c30d9c58ecf7a7
https://github.com/libsdl-org/SDL-1.2/commit/32c57bf53b18dafb7298d6e9113632728e8fe1ba
https://github.com/libsdl-org/SDL/issues/3161
https://github.com/libsdl-org/SDL-1.2/commit/3c6f20586bb4ba074c73bb3e06d7123e57d4a226
https://github.com/libsdl-org/SDL/commit/ea4c4cfc28e19ec1fc7ae69a70f70943f7933b38
https://github.com/libsdl-org/SDL-1.2/issues/787
https://security.archlinux.org/CVE-2019-7572
https://security.archlinux.org/CVE-2019-7573
https://security.archlinux.org/CVE-2019-7574
https://security.archlinux.org/CVE-2019-7575
https://security.archlinux.org/CVE-2019-7576
https://security.archlinux.org/CVE-2019-7577
https://security.archlinux.org/CVE-2019-7578
https://security.archlinux.org/CVE-2019-7635
https://security.archlinux.org/CVE-2019-7636
https://security.archlinux.org/CVE-2019-7638

ArchLinux: 201908-5: sdl2: arbitrary code execution

August 7, 2019

Summary

- CVE-2019-7572 (arbitrary code execution) SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.
- CVE-2019-7573 (arbitrary code execution)
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).
- CVE-2019-7574 (arbitrary code execution)
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.
- CVE-2019-7575 (arbitrary code execution)
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.
- CVE-2019-7576 (arbitrary code execution)
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).
- CVE-2019-7577 (arbitrary code execution)
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.
- CVE-2019-7578 (arbitrary code execution)
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.
- CVE-2019-7635 (arbitrary code execution)
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.
- CVE-2019-7636 (arbitrary code execution)
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.
- CVE-2019-7638 (arbitrary code execution)
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.

Resolution

Upgrade to 2.0.10-1. # pacman -Syu "sdl2>=2.0.10-1"
The problems have been fixed upstream in version 2.0.10.

References

https://github.com/libsdl-org/SDL/issues/3159 https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15-and-sdl2/25720 https://github.com/libsdl-org/SDL-1.2/commit/1ead4913fc2314a0ce5de06f29a20a8b0b0a5557 https://github.com/libsdl-org/SDL-1.2/commit/f22cbe4a3a2cd87392eec69bdcf2b4bd68b4507b https://github.com/libsdl-org/SDL/issues/3155 https://github.com/libsdl-org/SDL-1.2/commit/c4a9f0080f928f40e826c49b2e8c057ec7843c2f https://github.com/libsdl-org/SDL/commit/3f19a6d5e85c71df0fb2b4626b943457d38c2031 https://github.com/libsdl-org/SDL-1.2/issues/785 https://github.com/libsdl-org/SDL-1.2/commit/76871a1c52dc74b8ba2357b9d68c34d765ea9db3 https://github.com/libsdl-org/SDL/issues/3157 https://github.com/libsdl-org/SDL-1.2/commit/c68e0003d2f2b4e50bb1c4412af40c32f0b6396e https://github.com/libsdl-org/SDL-1.2/issues/835 https://github.com/libsdl-org/SDL/issues/3156 https://github.com/libsdl-org/SDL-1.2/commit/68f914a78ef09a4d2db43e0c7c2848a6b7c03655 https://github.com/libsdl-org/SDL-1.2/commit/82e503c2e026a8eee64e199c2648c296d924a5ab https://github.com/libsdl-org/SDL/issues/3158 https://github.com/libsdl-org/SDL/issues/3160 https://github.com/libsdl-org/SDL/commit/8bc59f87ecb8d7cd1e47b8a6c2c30d9c58ecf7a7 https://github.com/libsdl-org/SDL-1.2/commit/32c57bf53b18dafb7298d6e9113632728e8fe1ba https://github.com/libsdl-org/SDL/issues/3161 https://github.com/libsdl-org/SDL-1.2/commit/3c6f20586bb4ba074c73bb3e06d7123e57d4a226 https://github.com/libsdl-org/SDL/commit/ea4c4cfc28e19ec1fc7ae69a70f70943f7933b38 https://github.com/libsdl-org/SDL-1.2/issues/787 https://security.archlinux.org/CVE-2019-7572 https://security.archlinux.org/CVE-2019-7573 https://security.archlinux.org/CVE-2019-7574 https://security.archlinux.org/CVE-2019-7575 https://security.archlinux.org/CVE-2019-7576 https://security.archlinux.org/CVE-2019-7577 https://security.archlinux.org/CVE-2019-7578 https://security.archlinux.org/CVE-2019-7635 https://security.archlinux.org/CVE-2019-7636 https://security.archlinux.org/CVE-2019-7638

Severity
CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635
CVE-2019-7636 CVE-2019-7638
Package : sdl2
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-891

Workaround

None.

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved