CVSS2 : 6.8 Medium
Attack Vector : NETWORK
Attack Complexity : MEDIUM
Authentication : NONE
Confidentiality Impact : PARTIAL
Integrity Impact : PARTIAL
Availability Impact : PARTIAL
Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3 : 8.8 High
Attack Vector : NETWORK
Attack Complexity : LOW
Privileges Required : NONE
User Interaction : REQUIRED
Scope : UNCHANGED
Confidentiality Impact : HIGH
Integrity Impact : HIGH
Availability Impact : HIGH
Vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS : 0.007 Low
Percentile : 79.9%
Severity: High
Date : 2019-08-05
CVE-ID : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575
CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635
CVE-2019-7636 CVE-2019-7638
Package : sdl2
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-891
Summary : The package sdl2 before version 2.0.10-1 is vulnerable to arbitrary
code execution.
Resolution : Upgrade to 2.0.10-1.
The problems have been fixed upstream in version 2.0.10.
Workaround : None.
Description :

- CVE-2019-7572
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.

- CVE-2019-7573
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c
(inside the wNumCoef loop).

- CVE-2019-7574
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.

- CVE-2019-7575
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.

- CVE-2019-7576
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c
(outside the wNumCoef loop).

- CVE-2019-7577
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.

- CVE-2019-7578
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.

- CVE-2019-7635
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.

- CVE-2019-7636
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.

- CVE-2019-7638
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.
Impact : An attacker can execute arbitrary code on the affected host via a
crafted audio or video file.

References :
https://bugzilla.libsdl.org/show_bug.cgi?id=4495
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15-and-sdl2/25720
https://hg.libsdl.org/SDL/rev/e52413f52586
https://hg.libsdl.org/SDL/rev/a8afedbcaea0
https://bugzilla.libsdl.org/show_bug.cgi?id=4491
https://hg.libsdl.org/SDL/rev/388987dff7bf
https://hg.libsdl.org/SDL/rev/f9a9d6c76b21
https://bugzilla.libsdl.org/show_bug.cgi?id=4496
https://hg.libsdl.org/SDL/rev/a6e3d2f5183e
https://bugzilla.libsdl.org/show_bug.cgi?id=4493
https://hg.libsdl.org/SDL/rev/a936f9bd3e38
https://bugzilla.libsdl.org/show_bug.cgi?id=4490
https://bugzilla.libsdl.org/show_bug.cgi?id=4492
https://hg.libsdl.org/SDL/rev/faf9abbcfb5f
https://hg.libsdl.org/SDL/rev/416136310b88
https://bugzilla.libsdl.org/show_bug.cgi?id=4494
https://bugzilla.libsdl.org/show_bug.cgi?id=4498
https://hg.libsdl.org/SDL/rev/7c643f1c1887
https://hg.libsdl.org/SDL/rev/f1f5878be5db
https://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://hg.libsdl.org/SDL/rev/19d8c3b9c251
https://hg.libsdl.org/SDL/rev/07c39cbbeacf
https://bugzilla.libsdl.org/show_bug.cgi?id=4500
https://security.archlinux.org/CVE-2019-7572
https://security.archlinux.org/CVE-2019-7573
https://security.archlinux.org/CVE-2019-7574
https://security.archlinux.org/CVE-2019-7575
https://security.archlinux.org/CVE-2019-7576
https://security.archlinux.org/CVE-2019-7577
https://security.archlinux.org/CVE-2019-7578
https://security.archlinux.org/CVE-2019-7635
https://security.archlinux.org/CVE-2019-7636
https://security.archlinux.org/CVE-2019-7638