Security: Buffer overflow in SDL
Name: Buffer overflow in SDL
ID: FEDORA-2019-918aad6bd5
Distribution: Fedora
Platforms: Fedora 28
Date: Thu, 21 March 2019, 08:05
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7577
Applications: Simple DirectMedia Layer


Fedora Update Notification
2019-03-20 21:17:00.935438

Name : SDL
Product : Fedora 28
Version : 1.2.15
Release : 32.fc28
URL : http://www.libsdl.org/
Summary : A cross-platform multimedia library
Description :
Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed
to provide fast access to the graphics frame buffer and audio device.

Update Information:

This release fixes a buffer overflow when processing RIFF/WAV files with an
invalid MS ADPCM predictor.

* Tue Mar 12 2019 Petr Pisar <ppisar@redhat.com> - 1.2.15-32
- Fix CVE-2019-7577 completely (a buffer overread in MS_ADPCM_nibble and
MS_ADPCM_decode on an invalid predictor) (bug #1676510)
* Fri Feb 15 2019 Petr Pisar <ppisar@redhat.com> - 1.2.15-31
- Fix CVE-2019-7577 (a buffer overread in MS_ADPCM_decode) (bug #1676510)
- Fix CVE-2019-7575 (a buffer overwrite in MS_ADPCM_decode) (bug #1676744)
- Fix CVE-2019-7574 (a buffer overread in IMA_ADPCM_decode) (bug #1676750)
- Fix CVE-2019-7572 (a buffer overread in IMA_ADPCM_nibble) (bug #1676754)
- Fix CVE-2019-7572 (a buffer overwrite in IMA_ADPCM_nibble) (bug #1676754)
- Fix CVE-2019-7573, CVE-2019-7576 (buffer overreads in InitMS_ADPCM)
(bugs #1676752, #1676756)
- Fix CVE-2019-7578 (a buffer overread in InitIMA_ADPCM) (bug #1676782)
- Fix CVE-2019-7638, CVE-2019-7636 (buffer overflows when processing BMP
images with too high number of colors) (bugs #1677144, #1677157)
- Fix CVE-2019-7637 (an integer overflow in SDL_CalculatePitch) (bug #1677152)
- Fix CVE-2019-7635 (a buffer overread when blitting a BMP image with pixel
colors out the palette) (bug #1677159)
- Reject 2, 3, 5, 6, 7-bpp BMP images (bug #1677159)

[ 1 ] Bug #1676509 - CVE-2019-7577 SDL: Buffer over-read in function
SDL_LoadWAV_RW in audio/SDL_wave.c

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-918aad6bd5' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org