English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.10.2019.0239
Category:Mageia Linux Local Security Checks
Title:Mageia: Security Advisory (MGASA-2019-0239)
Summary:The remote host is missing an update for the 'mingw-SDL2, sdl2' package(s) announced via the MGASA-2019-0239 advisory.
Description:Summary:
The remote host is missing an update for the 'mingw-SDL2, sdl2' package(s) announced via the MGASA-2019-0239 advisory.

Vulnerability Insight:
Updated sdl2 packages fix security vulnerabilities

This release fixes various buffer overflows when parsing or processing
damaged Waveform audio and BMP image files.

- Fix CVE-2019-7572 (a buffer overread in IMA_ADPCM_nibble) (rhbz#1676754)
- Fix CVE-2019-7572 (a buffer overwrite in IMA_ADPCM_nibble) (rhbz#1676754)
- Fix CVE-2019-7573, CVE-2019-7576 (buffer overreads in InitMS_ADPCM)
(rhbz#1676752, rhbz#1676756)
- Fix CVE-2019-7574 (a buffer overread in IMA_ADPCM_decode) (rhbz#1676750)
- Fix CVE-2019-7575 (a buffer overwrite in MS_ADPCM_decode) (rhbz#1676744)
- Fix CVE-2019-7577 (a buffer overread in MS_ADPCM_decode) (rhbz#1676510)
- Fix CVE-2019-7578 (a buffer overread in InitIMA_ADPCM) (rhbz#1676782)
- Fix CVE-2019-7635 (a buffer overread when blitting a BMP image with pixel
colors out the palette) (rhbz#1677159)
- Fix CVE-2019-7636, CVE-2019-7638 (buffer overflows when processing BMP
images with too high number of colors) (rhbz#1677144, rhbz#1677157)
- Fix CVE-2019-7637 (an integer overflow in SDL_CalculatePitch)
(rhbz#1677152)
- Reject 2, 3, 5, 6, 7-bpp BMP images (rhbz#1677159)
- Fix CVE-2010-13616 (heap-based buffer over-read in BlitNtoN in
video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c)

The 2.0.10 release also provides various features and bug fixes.

Affected Software/OS:
'mingw-SDL2, sdl2' package(s) on Mageia 6, Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-13616
Common Vulnerability Exposure (CVE) ID: CVE-2019-7572
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/
https://security.gentoo.org/glsa/201909-07
https://security.gentoo.org/glsa/202305-17
https://bugzilla.libsdl.org/show_bug.cgi?id=4495
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720
https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html
https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html
https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html
SuSE Security Announcement: openSUSE-SU-2019:1213 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html
SuSE Security Announcement: openSUSE-SU-2019:1223 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html
SuSE Security Announcement: openSUSE-SU-2019:1261 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html
https://usn.ubuntu.com/4156-1/
https://usn.ubuntu.com/4156-2/
Common Vulnerability Exposure (CVE) ID: CVE-2019-7573
https://bugzilla.libsdl.org/show_bug.cgi?id=4491
Common Vulnerability Exposure (CVE) ID: CVE-2019-7574
https://bugzilla.libsdl.org/show_bug.cgi?id=4496
Common Vulnerability Exposure (CVE) ID: CVE-2019-7575
https://bugzilla.libsdl.org/show_bug.cgi?id=4493
https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-7576
https://bugzilla.libsdl.org/show_bug.cgi?id=4490
Common Vulnerability Exposure (CVE) ID: CVE-2019-7577
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MD6EIV2CS6QNDU3UN2RVXPQOFQNHXCP7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFYUCO6D5APPM7IOZ5WOCYVY4DKSXFKD/
https://bugzilla.libsdl.org/show_bug.cgi?id=4492
Common Vulnerability Exposure (CVE) ID: CVE-2019-7578
https://bugzilla.libsdl.org/show_bug.cgi?id=4494
Common Vulnerability Exposure (CVE) ID: CVE-2019-7635
https://bugzilla.libsdl.org/show_bug.cgi?id=4498
https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html
https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html
SuSE Security Announcement: openSUSE-SU-2019:2071 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html
SuSE Security Announcement: openSUSE-SU-2019:2109 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html
https://usn.ubuntu.com/4143-1/
https://usn.ubuntu.com/4238-1/
Common Vulnerability Exposure (CVE) ID: CVE-2019-7636
https://bugzilla.libsdl.org/show_bug.cgi?id=4499
Common Vulnerability Exposure (CVE) ID: CVE-2019-7637
https://bugzilla.libsdl.org/show_bug.cgi?id=4497
https://lists.debian.org/debian-lts-announce/2021/10/msg00031.html
SuSE Security Announcement: openSUSE-SU-2019:1632 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00081.html
SuSE Security Announcement: openSUSE-SU-2019:1633 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00071.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-7638
https://bugzilla.libsdl.org/show_bug.cgi?id=4500
CopyrightCopyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.