Advisories ยป MGASA-2019-0127

Updated SDL12 packages fix security vulnerability

Publication date: 05 Apr 2019
Modification date: 05 Apr 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-7572 , CVE-2019-7573 , CVE-2019-7574 , CVE-2019-7575 , CVE-2019-7577 , CVE-2019-7635 , CVE-2019-7637 , CVE-2019-7638


This release fixes various buffer overflows when parsing or processing
damaged Waveform audio and BMP image files.
- Fix CVE-2019-7577 (a buffer overread in MS_ADPCM_decode) (rhbz#1676510)
- Fix CVE-2019-7575 (a buffer overwrite in MS_ADPCM_decode) (rhbz#1676744)
- Fix CVE-2019-7574 (a buffer overread in IMA_ADPCM_decode) (rhbz#1676750)
- Fix CVE-2019-7572 (a buffer overread in IMA_ADPCM_nibble) (rhbz#1676754)
- Fix CVE-2019-7572 (a buffer overwrite in IMA_ADPCM_nibble) (rhbz#1676754)
- Fix CVE-2019-7573, CVE-2019-7576 (buffer overreads in InitMS_ADPCM)
  (rhbz#1676752, rhbz#1676756)
- Fix CVE-2019-7578 (a buffer overread in InitIMA_ADPCM) (rhbz#1676782)
- Fix CVE-2019-7638, CVE-2019-7636 (buffer overflows when processing BMP
  images with too high number of colors) (rhbz#1677144, rhbz#1677157)
- Fix CVE-2019-7637 (an integer overflow in SDL_CalculatePitch)
- Fix CVE-2019-7635 (a buffer overread when blitting a BMP image with pixel
  colors out the palette) (rhbz#1677159)
- Reject 2, 3, 5, 6, 7-bpp BMP images (rhbz#1677159)