MGASA-2019-0127

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2019-0127.html

Import Source

https://advisories.mageia.org/MGASA-2019-0127.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2019-0127

Related

Published

2019-04-05T18:12:59Z

Modified

2019-04-05T17:36:37Z

Summary

Updated SDL12 packages fix security vulnerability

Details

This release fixes various buffer overflows when parsing or processing damaged Waveform audio and BMP image files. - Fix CVE-2019-7577 (a buffer overread in MSADPCMdecode) (rhbz#1676510) - Fix CVE-2019-7575 (a buffer overwrite in MSADPCMdecode) (rhbz#1676744) - Fix CVE-2019-7574 (a buffer overread in IMAADPCMdecode) (rhbz#1676750) - Fix CVE-2019-7572 (a buffer overread in IMAADPCMnibble) (rhbz#1676754) - Fix CVE-2019-7572 (a buffer overwrite in IMAADPCMnibble) (rhbz#1676754) - Fix CVE-2019-7573, CVE-2019-7576 (buffer overreads in InitMSADPCM) (rhbz#1676752, rhbz#1676756) - Fix CVE-2019-7578 (a buffer overread in InitIMAADPCM) (rhbz#1676782) - Fix CVE-2019-7638, CVE-2019-7636 (buffer overflows when processing BMP images with too high number of colors) (rhbz#1677144, rhbz#1677157) - Fix CVE-2019-7637 (an integer overflow in SDL_CalculatePitch) (rhbz#1677152) - Fix CVE-2019-7635 (a buffer overread when blitting a BMP image with pixel colors out the palette) (rhbz#1677159) - Reject 2, 3, 5, 6, 7-bpp BMP images (rhbz#1677159)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2019-0127

Affected packages