Lucene search

K
archlinuxArchLinuxASA-201908-5
HistoryAug 05, 2019 - 12:00 a.m.

[ASA-201908-5] sdl2: arbitrary code execution

2019-08-0500:00:00
security.archlinux.org
20

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.007 Low

EPSS

Percentile

79.9%

Arch Linux Security Advisory ASA-201908-5

Severity: High
Date : 2019-08-05
CVE-ID : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575
CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635
CVE-2019-7636 CVE-2019-7638
Package : sdl2
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-891

Summary

The package sdl2 before version 2.0.10-1 is vulnerable to arbitrary
code execution.

Resolution

Upgrade to 2.0.10-1.

pacman -Syu “sdl2>=2.0.10-1”

The problems have been fixed upstream in version 2.0.10.

Workaround

None.

Description

  • CVE-2019-7572 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.

  • CVE-2019-7573 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c
(inside the wNumCoef loop).

  • CVE-2019-7574 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.

  • CVE-2019-7575 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.

  • CVE-2019-7576 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c
(outside the wNumCoef loop).

  • CVE-2019-7577 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.

  • CVE-2019-7578 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.

  • CVE-2019-7635 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.

  • CVE-2019-7636 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.

  • CVE-2019-7638 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.

Impact

An attacker can execute arbitrary code on the affected host via a
crafted audio or video file.

References

https://bugzilla.libsdl.org/show_bug.cgi?id=4495
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15-and-sdl2/25720
https://hg.libsdl.org/SDL/rev/e52413f52586
https://hg.libsdl.org/SDL/rev/a8afedbcaea0
https://bugzilla.libsdl.org/show_bug.cgi?id=4491
https://hg.libsdl.org/SDL/rev/388987dff7bf
https://hg.libsdl.org/SDL/rev/f9a9d6c76b21
https://bugzilla.libsdl.org/show_bug.cgi?id=4496
https://hg.libsdl.org/SDL/rev/a6e3d2f5183e
https://bugzilla.libsdl.org/show_bug.cgi?id=4493
https://hg.libsdl.org/SDL/rev/a936f9bd3e38
https://bugzilla.libsdl.org/show_bug.cgi?id=4490
https://bugzilla.libsdl.org/show_bug.cgi?id=4492
https://hg.libsdl.org/SDL/rev/faf9abbcfb5f
https://hg.libsdl.org/SDL/rev/416136310b88
https://bugzilla.libsdl.org/show_bug.cgi?id=4494
https://bugzilla.libsdl.org/show_bug.cgi?id=4498
https://hg.libsdl.org/SDL/rev/7c643f1c1887
https://hg.libsdl.org/SDL/rev/f1f5878be5db
https://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://hg.libsdl.org/SDL/rev/19d8c3b9c251
https://hg.libsdl.org/SDL/rev/07c39cbbeacf
https://bugzilla.libsdl.org/show_bug.cgi?id=4500
https://security.archlinux.org/CVE-2019-7572
https://security.archlinux.org/CVE-2019-7573
https://security.archlinux.org/CVE-2019-7574
https://security.archlinux.org/CVE-2019-7575
https://security.archlinux.org/CVE-2019-7576
https://security.archlinux.org/CVE-2019-7577
https://security.archlinux.org/CVE-2019-7578
https://security.archlinux.org/CVE-2019-7635
https://security.archlinux.org/CVE-2019-7636
https://security.archlinux.org/CVE-2019-7638

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanysdl2< 2.0.10-1UNKNOWN

References

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.007 Low

EPSS

Percentile

79.9%