{"id":"MGASA-2019-0239","summary":"Updated sdl2 packages fix security vulnerabilities","details":"Updated sdl2 packages fix security vulnerabilities\n\nThis release fixes various buffer overflows when parsing or processing\ndamaged Waveform audio and BMP image files.\n\n- Fix CVE-2019-7572 (a buffer overread in IMA_ADPCM_nibble) (rhbz#1676754)\n- Fix CVE-2019-7572 (a buffer overwrite in IMA_ADPCM_nibble) (rhbz#1676754)\n- Fix CVE-2019-7573, CVE-2019-7576 (buffer overreads in InitMS_ADPCM)\n  (rhbz#1676752, rhbz#1676756)\n- Fix CVE-2019-7574 (a buffer overread in IMA_ADPCM_decode) (rhbz#1676750)\n- Fix CVE-2019-7575 (a buffer overwrite in MS_ADPCM_decode) (rhbz#1676744)\n- Fix CVE-2019-7577 (a buffer overread in MS_ADPCM_decode) (rhbz#1676510)\n- Fix CVE-2019-7578 (a buffer overread in InitIMA_ADPCM) (rhbz#1676782)\n- Fix CVE-2019-7635 (a buffer overread when blitting a BMP image with pixel\n  colors out of the palette) (rhbz#1677159)\n- Fix CVE-2019-7636, CVE-2019-7638 (buffer overflows when processing BMP\n  images with too high a number of colors) (rhbz#1677144, rhbz#1677157)\n- Fix CVE-2019-7637 (an integer overflow in SDL_CalculatePitch)\n  (rhbz#1677152)\n- Reject 2, 3, 5, 6, 7-bpp BMP images (rhbz#1677159)\n- Fix CVE-2010-13616 (heap-based buffer over-read in BlitNtoN in\n  video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c)\n\nThe 2.0.10 release also provides various features and bug 
fixes.\n","modified":"2026-03-25T17:45:25.088242Z","published":"2019-09-06T21:09:08Z","related":["CVE-2010-13616","CVE-2019-7572","CVE-2019-7573","CVE-2019-7574","CVE-2019-7575","CVE-2019-7576","CVE-2019-7577","CVE-2019-7578","CVE-2019-7635","CVE-2019-7636","CVE-2019-7637","CVE-2019-7638"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0239.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=24497"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OHEXXGCOKNICFBDMNVYYDTSDLQ42K5G5/"},{"type":"REPORT","url":"https://security-tracker.debian.org/tracker/CVE-2019-13616"},{"type":"REPORT","url":"https://hg.libsdl.org/SDL/file/bc90ce38f1e2/WhatsNew.txt"}],"affected":[{"package":{"name":"sdl2","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/sdl2?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.10-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0239.json"}},{"package":{"name":"mingw-SDL2","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/mingw-SDL2?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.10-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0239.json"}},{"package":{"name":"sdl2","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/sdl2?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.10-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0239.json"}},{"package":{"name":"mingw-SDL2","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/mingw-SDL2?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.10-1.mga7"}]}],"ecosystem_specific":{"section
":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0239.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}