Vulnerability-Lookup

CVE-2019-7577 (GCVE-0-2019-7577)

Vulnerability from cvelistv5 – Published: 2019-02-07 00:00 – Updated: 2024-08-04 20:54

Summary

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

19 references

URL	Tags
https://lists.debian.org/debian-lts-announce/2019…	mailing-list
https://bugzilla.libsdl.org/show_bug.cgi?id=4492
https://lists.debian.org/debian-lts-announce/2019…	mailing-list
https://discourse.libsdl.org/t/vulnerabilities-fo…
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
https://security.gentoo.org/glsa/201909-07	vendor-advisory
https://usn.ubuntu.com/4156-1/	vendor-advisory
https://usn.ubuntu.com/4156-2/	vendor-advisory
https://lists.debian.org/debian-lts-announce/2019…	mailing-list
https://lists.debian.org/debian-lts-announce/2019…	mailing-list
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.debian.org/debian-lts-announce/2021…	mailing-list
https://lists.debian.org/debian-lts-announce/2021…	mailing-list
https://lists.debian.org/debian-lts-announce/2023…	mailing-list
https://security.gentoo.org/glsa/202305-17	vendor-advisory

Date Public

2019-02-07 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:54:28.252Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1714-1] libsdl2 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4492"
          },
          {
            "name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1713-1] libsdl1.2 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
          },
          {
            "name": "FEDORA-2019-bf531902c8",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFYUCO6D5APPM7IOZ5WOCYVY4DKSXFKD/"
          },
          {
            "name": "FEDORA-2019-918aad6bd5",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MD6EIV2CS6QNDU3UN2RVXPQOFQNHXCP7/"
          },
          {
            "name": "openSUSE-SU-2019:1213",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"
          },
          {
            "name": "openSUSE-SU-2019:1223",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"
          },
          {
            "name": "openSUSE-SU-2019:1261",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"
          },
          {
            "name": "GLSA-201909-07",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201909-07"
          },
          {
            "name": "USN-4156-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4156-1/"
          },
          {
            "name": "USN-4156-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4156-2/"
          },
          {
            "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1714-2] libsdl2 regression update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"
          },
          {
            "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1713-2] libsdl1.2 regression update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"
          },
          {
            "name": "FEDORA-2020-24652fe41c",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
          },
          {
            "name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
          },
          {
            "name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
          },
          {
            "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
          },
          {
            "name": "GLSA-202305-17",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-17"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-02-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-03T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1714-1] libsdl2 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
        },
        {
          "url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4492"
        },
        {
          "name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1713-1] libsdl1.2 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
        },
        {
          "url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
        },
        {
          "name": "FEDORA-2019-bf531902c8",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFYUCO6D5APPM7IOZ5WOCYVY4DKSXFKD/"
        },
        {
          "name": "FEDORA-2019-918aad6bd5",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MD6EIV2CS6QNDU3UN2RVXPQOFQNHXCP7/"
        },
        {
          "name": "openSUSE-SU-2019:1213",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"
        },
        {
          "name": "openSUSE-SU-2019:1223",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"
        },
        {
          "name": "openSUSE-SU-2019:1261",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"
        },
        {
          "name": "GLSA-201909-07",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201909-07"
        },
        {
          "name": "USN-4156-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4156-1/"
        },
        {
          "name": "USN-4156-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4156-2/"
        },
        {
          "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1714-2] libsdl2 regression update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"
        },
        {
          "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1713-2] libsdl1.2 regression update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"
        },
        {
          "name": "FEDORA-2020-24652fe41c",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
        },
        {
          "name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
        },
        {
          "name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
        },
        {
          "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
        },
        {
          "name": "GLSA-202305-17",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-17"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-7577",
    "datePublished": "2019-02-07T00:00:00.000Z",
    "dateReserved": "2019-02-07T00:00:00.000Z",
    "dateUpdated": "2024-08-04T20:54:28.252Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-7577",
      "date": "2026-05-25",
      "epss": "0.06522",
      "percentile": "0.91232"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-7577\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-02-07T07:29:00.973\",\"lastModified\":\"2024-11-21T04:48:21.680\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.\"},{\"lang\":\"es\",\"value\":\"SDL (Simple DirectMedia Layer), hasta la versi\u00f3n 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene una sobrelectura de b\u00fafer en SDL_LoadWAV_RW en audio/SDL_wave.c.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.2.15\",\"matchCriteriaId\":\"1987484C-BB76-4554-B040-1A8D2C90F0AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndIncluding\":\"2.0.9\",\"matchCriteriaId\":\"85C1FFE9-9495-4484-9D25-590ECE49482B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D100F7CE-FC64-4CC6-852A-6136D72DA419\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"CB66DB75-2B16-4EBF-9B93-CE49D8086E41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"815D70A8-47D3-459C-A32C-9FEACA0659D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.libsdl.org/show_bug.cgi?id=4492\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MD6EIV2CS6QNDU3UN2RVXPQOFQNHXCP7/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFYUCO6D5APPM7IOZ5WOCYVY4DKSXFKD/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/201909-07\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202305-17\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4156-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4156-2/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.libsdl.org/show_bug.cgi?id=4492\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MD6EIV2CS6QNDU3UN2RVXPQOFQNHXCP7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFYUCO6D5APPM7IOZ5WOCYVY4DKSXFKD/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201909-07\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202305-17\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4156-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4156-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

BDU:2020-04703

Vulnerability from fstec - Published: 14.03.2019

Title

Уязвимость функции SDL_LoadWAV_RW библиотеки Simple DirectMedia Layer, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Description

Уязвимость функции SDL_LoadWAV_RW (audio/SDL_wave.c.) библиотеки Simple DirectMedia Layer связана с переполнением буфера на основе кучи. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor

Canonical Ltd., ООО «РусБИТех-Астра», Novell Inc., Fedora Project, Сообщество свободного программного обеспечения, АО "НППКТ", АО «Концерн ВНИИНС»

Software Name

Ubuntu, Astra Linux Special Edition (запись в едином реестре российских программ №369), SUSE Linux Enterprise Debuginfo, OpenSUSE Leap, Fedora, Suse Linux Enterprise Server, SUSE Linux Enterprise Software Development Kit, SDL, Astra Linux Common Edition (запись в едином реестре российских программ №4433), SUSE Linux Enterprise Point of Sale, Debian GNU/Linux, Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)

Software Version

16.04 LTS (Ubuntu), 1.5 «Смоленск» (Astra Linux Special Edition), 11 sp4 (SUSE Linux Enterprise Debuginfo), 42.3 (OpenSUSE Leap), 18.04 LTS (Ubuntu), 28 (Fedora), 1.6 «Смоленск» (Astra Linux Special Edition), 11 SP4 (Suse Linux Enterprise Server), 11 SP4 (SUSE Linux Enterprise Software Development Kit), 29 (Fedora), 12.04 ESM (Ubuntu), до 1.2.15 включительно (SDL), от 2.0.0 до 2.0.9 включительно (SDL), 2.12 «Орёл» (Astra Linux Common Edition), 15.0 (OpenSUSE Leap), 11 SP3 (SUSE Linux Enterprise Point of Sale), 14.04 ESM (Ubuntu), 8 (Debian GNU/Linux), 31 (Fedora), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), до 2.1 (ОСОН ОСнова Оnyx), до 2.5 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)

Possible Mitigations

Использование рекомендаций: Для Simple DirectMedia Layer: Обновление библиотеки Simple DirectMedia Layer до актуальной версии Для Astralinux: Использование рекомендаций в Бюллетене № 20190329SE15: https://wiki.astralinux.ru/pages/viewpage.action?pageId=1212483 Использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16 https://wiki.astralinux.ru/pages/viewpage.action?pageId=47416144 https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16 Для Ubuntu: https://usn.ubuntu.com/4156-1/ https://usn.ubuntu.com/4156-2/ Для Fedora: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFYUCO6D5APPM7IOZ5WOCYVY4DKSXFKD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MD6EIV2CS6QNDU3UN2RVXPQOFQNHXCP7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/ Для Debian GNU/Linux: https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html Для программных продуктов Novell Inc.: https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html Для ОСОН Основа: Обновление программного обеспечения libsdl1.2 до версии 1.2.15+dfsg2-6.osnova1 Для ОСОН Основа: Обновление программного обеспечения libsdl2 до версии 2.0.14+dfsg2-3 Для ОС Astra Linux Special Edition 1.7: использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0426SE17 Для Astra Linux Special Edition 4.7 для архитектуры ARM: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0727SE47 Для Astra Linux Special Edition для «Эльбрус» 8.1 «Ленинград»: - обновить пакет libsdl2 до 2.0.5+dfsg1-2+deb9u1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81 - обновить пакет libsdl1.2 до 1.2.15+dfsg1-4+deb9u1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81 Для ОС ОН «Стрелец»: Обновление программного обеспечения libsdl2 до версии 2.0.5+dfsg1-2+deb9u2 Обновление программного обеспечения libsdl1.2 до версии 1.2.15+dfsg2-6.osnova1

Reference

https://bugzilla.libsdl.org/show_bug.cgi?id=4492 https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720 https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MD6EIV2CS6QNDU3UN2RVXPQOFQNHXCP7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFYUCO6D5APPM7IOZ5WOCYVY4DKSXFKD/ https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html https://nvd.nist.gov/vuln/detail/CVE-2019-7577 https://security-tracker.debian.org/tracker/CVE-2019-7577 https://usn.ubuntu.com/4156-1/ https://usn.ubuntu.com/4156-2/ https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16 https://wiki.astralinux.ru/pages/viewpage.action?pageId=1212483 https://www.suse.com/support/update/announcement/2019/suse-su-201913998-1/ https://wiki.astralinux.ru/pages/viewpage.action?pageId=47416144 https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.1/ https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.5/ https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0426SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0727SE47 https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81 https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023

CWE

CWE-125

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc., Fedora Project, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "16.04 LTS (Ubuntu), 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 11 sp4 (SUSE Linux Enterprise Debuginfo), 42.3 (OpenSUSE Leap), 18.04 LTS (Ubuntu), 28 (Fedora), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 11 SP4 (Suse Linux Enterprise Server), 11 SP4 (SUSE Linux Enterprise Software Development Kit), 29 (Fedora), 12.04 ESM (Ubuntu), \u0434\u043e 1.2.15 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (SDL), \u043e\u0442 2.0.0 \u0434\u043e 2.0.9 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (SDL), 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb (Astra Linux Common Edition), 15.0 (OpenSUSE Leap), 11 SP3 (SUSE Linux Enterprise Point of Sale), 14.04 ESM (Ubuntu), 8 (Debian GNU/Linux), 31 (Fedora), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.1 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 2.5 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Simple DirectMedia Layer:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Simple DirectMedia Layer \u0434\u043e \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Astralinux:\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u0432 \u0411\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u0435 \u2116 20190329SE15: https://wiki.astralinux.ru/pages/viewpage.action?pageId=1212483\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=47416144\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\n\n\u0414\u043b\u044f Ubuntu:\nhttps://usn.ubuntu.com/4156-1/ \nhttps://usn.ubuntu.com/4156-2/\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFYUCO6D5APPM7IOZ5WOCYVY4DKSXFKD/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MD6EIV2CS6QNDU3UN2RVXPQOFQNHXCP7/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://lists.debian.org/debian-lts-announce/2019/10/msg00021.html\nhttps://lists.debian.org/debian-lts-announce/2019/10/msg00020.html\nhttps://lists.debian.org/debian-lts-announce/2019/03/msg00016.html\nhttps://lists.debian.org/debian-lts-announce/2019/03/msg00015.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html\nhttps://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html\nhttps://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libsdl1.2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.2.15+dfsg2-6.osnova1\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libsdl2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.0.14+dfsg2-3\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux Special Edition 1.7:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0426SE17\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0727SE47\n\n\u0414\u043b\u044f Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb:\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 libsdl2 \u0434\u043e 2.0.5+dfsg1-2+deb9u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 libsdl1.2 \u0434\u043e 1.2.15+dfsg1-4+deb9u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libsdl2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.0.5+dfsg1-2+deb9u2\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libsdl1.2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.2.15+dfsg2-6.osnova1",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "14.03.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "15.10.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-04703",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-7577",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), SUSE Linux Enterprise Debuginfo, OpenSUSE Leap, Fedora, Suse Linux Enterprise Server, SUSE Linux Enterprise Software Development Kit, SDL, Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), SUSE Linux Enterprise Point of Sale, Debian GNU/Linux, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 16.04 LTS 32-bit, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb 64-bit (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. OpenSUSE Leap 42.3 , Canonical Ltd. Ubuntu 18.04 LTS , Fedora Project Fedora 28 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. Suse Linux Enterprise Server 11 SP4 , Fedora Project Fedora 29 , Canonical Ltd. Ubuntu 12.04 ESM , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Novell Inc. OpenSUSE Leap 15.0 32-bit, Novell Inc. OpenSUSE Leap 15.0 , Canonical Ltd. Ubuntu 14.04 ESM , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , Fedora Project Fedora 31 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 SDL_LoadWAV_RW \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Simple DirectMedia Layer, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 SDL_LoadWAV_RW (audio/SDL_wave.c.) \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Simple DirectMedia Layer \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u043a\u0443\u0447\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://bugzilla.libsdl.org/show_bug.cgi?id=4492\nhttps://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720\nhttps://lists.debian.org/debian-lts-announce/2019/03/msg00015.html\nhttps://lists.debian.org/debian-lts-announce/2019/03/msg00016.html\nhttps://lists.debian.org/debian-lts-announce/2019/10/msg00020.html\nhttps://lists.debian.org/debian-lts-announce/2019/10/msg00021.html\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MD6EIV2CS6QNDU3UN2RVXPQOFQNHXCP7/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFYUCO6D5APPM7IOZ5WOCYVY4DKSXFKD/\nhttps://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html\nhttps://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html\nhttps://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7577\nhttps://security-tracker.debian.org/tracker/CVE-2019-7577\nhttps://usn.ubuntu.com/4156-1/\nhttps://usn.ubuntu.com/4156-2/\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=1212483\nhttps://www.suse.com/support/update/announcement/2019/suse-su-201913998-1/\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=47416144\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.1/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.5/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0426SE17\n\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0727SE47\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}

CERTFR-2022-AVI-267

Vulnerability from certfr_avis - Published: 2022-03-23 - Updated: 2022-03-23

De multiples vulnérabilités ont été découvertes dans Juniper Networks Junos Space. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Juniper Networks	Junos Space	Juniper Networks Junos Space versions antérieures à 21.1R1

References

Title

Publication Time

CNVD-2019-29178

Vulnerability from cnvd - Published: 2019-08-28

Title

SDL (Simple DirectMedia Layer)缓冲区溢出漏洞（CNVD-2019-29178）

Description

Simple DirectMedia Layer（SDL）是一个用于用于访问低级硬件和图形，并为游戏、软件和仿真器提供支持的多平台库。 SDL 1.2.15及之前版本和2.x版本至2.0.9版本中的video/SDL_surface.c文件的‘SDL_FillRect’函数存在基于堆的缓冲区溢出漏洞。攻击者可利用该漏洞在系统上执行任意代码。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.libsdl.org/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-7577

Impacted products

Name
['SDL SDL (Simple DirectMedia Layer) <=1.2.15', 'SDL SDL (Simple DirectMedia Layer) 2.*，<=2.0.9']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-7577"
    }
  },
  "description": "Simple DirectMedia Layer\uff08SDL\uff09\u662f\u4e00\u4e2a\u7528\u4e8e\u7528\u4e8e\u8bbf\u95ee\u4f4e\u7ea7\u786c\u4ef6\u548c\u56fe\u5f62\uff0c\u5e76\u4e3a\u6e38\u620f\u3001\u8f6f\u4ef6\u548c\u4eff\u771f\u5668\u63d0\u4f9b\u652f\u6301\u7684\u591a\u5e73\u53f0\u5e93\u3002\n\nSDL 1.2.15\u53ca\u4e4b\u524d\u7248\u672c\u548c2.x\u7248\u672c\u81f32.0.9\u7248\u672c\u4e2d\u7684video/SDL_surface.c\u6587\u4ef6\u7684\u2018SDL_FillRect\u2019\u51fd\u6570\u5b58\u5728\u57fa\u4e8e\u5806\u7684\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "opensuse-security",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.libsdl.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-29178",
  "openTime": "2019-08-28",
  "products": {
    "product": [
      "SDL SDL (Simple DirectMedia Layer) \u003c=1.2.15",
      "SDL SDL (Simple DirectMedia Layer) 2.*\uff0c\u003c=2.0.9"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-7577",
  "serverity": "\u4e2d",
  "submitTime": "2019-02-11",
  "title": "SDL (Simple DirectMedia Layer)\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2019-29178\uff09"
}

FKIE_CVE-2019-7577

Vulnerability from fkie_nvd - Published: 2019-02-07 07:29 - Updated: 2024-11-21 04:48

Severity

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html	Mailing List, Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html	Mailing List, Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html	Mailing List, Third Party Advisory
cve@mitre.org	https://bugzilla.libsdl.org/show_bug.cgi?id=4492	Exploit, Issue Tracking, Patch, Vendor Advisory
cve@mitre.org	https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720	Vendor Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MD6EIV2CS6QNDU3UN2RVXPQOFQNHXCP7/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFYUCO6D5APPM7IOZ5WOCYVY4DKSXFKD/
cve@mitre.org	https://security.gentoo.org/glsa/201909-07	Third Party Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202305-17
cve@mitre.org	https://usn.ubuntu.com/4156-1/	Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/4156-2/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.libsdl.org/show_bug.cgi?id=4492	Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MD6EIV2CS6QNDU3UN2RVXPQOFQNHXCP7/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFYUCO6D5APPM7IOZ5WOCYVY4DKSXFKD/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201909-07	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202305-17
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4156-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4156-2/	Third Party Advisory

Impacted products

Vendor	Product	Version
libsdl	simple_directmedia_layer	*
libsdl	simple_directmedia_layer	*
opensuse	leap	15.0
opensuse	leap	42.3
debian	debian_linux	8.0
debian	debian_linux	9.0
fedoraproject	fedora	28
fedoraproject	fedora	29
fedoraproject	fedora	31
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1987484C-BB76-4554-B040-1A8D2C90F0AA",
              "versionEndIncluding": "1.2.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "85C1FFE9-9495-4484-9D25-590ECE49482B",
              "versionEndIncluding": "2.0.9",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
              "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c."
    },
    {
      "lang": "es",
      "value": "SDL (Simple DirectMedia Layer), hasta la versi\u00f3n 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene una sobrelectura de b\u00fafer en SDL_LoadWAV_RW en audio/SDL_wave.c."
    }
  ],
  "id": "CVE-2019-7577",
  "lastModified": "2024-11-21T04:48:21.680",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-02-07T07:29:00.973",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4492"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MD6EIV2CS6QNDU3UN2RVXPQOFQNHXCP7/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFYUCO6D5APPM7IOZ5WOCYVY4DKSXFKD/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201909-07"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202305-17"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4156-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4156-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4492"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MD6EIV2CS6QNDU3UN2RVXPQOFQNHXCP7/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFYUCO6D5APPM7IOZ5WOCYVY4DKSXFKD/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201909-07"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202305-17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4156-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4156-2/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-72VH-F9RJ-WXFW

Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2022-05-13 01:04

Details

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.

Severity

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-7577"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-02-07T07:29:00Z",
    "severity": "HIGH"
  },
  "details": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.",
  "id": "GHSA-72vh-f9rj-wxfw",
  "modified": "2022-05-13T01:04:45Z",
  "published": "2022-05-13T01:04:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7577"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4156-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4156-1"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202305-17"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201909-07"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFYUCO6D5APPM7IOZ5WOCYVY4DKSXFKD"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MD6EIV2CS6QNDU3UN2RVXPQOFQNHXCP7"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4492"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2019-7577

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.

Aliases

CVE-2019-7577

Aliases

CVE-2019-7577

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-7577",
    "description": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.",
    "id": "GSD-2019-7577",
    "references": [
      "https://www.suse.com/security/cve/CVE-2019-7577.html",
      "https://access.redhat.com/errata/RHSA-2020:4627",
      "https://access.redhat.com/errata/RHSA-2020:3868",
      "https://ubuntu.com/security/CVE-2019-7577",
      "https://advisories.mageia.org/CVE-2019-7577.html",
      "https://security.archlinux.org/CVE-2019-7577",
      "https://linux.oracle.com/cve/CVE-2019-7577.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-7577"
      ],
      "details": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.",
      "id": "GSD-2019-7577",
      "modified": "2023-12-13T01:23:46.355301Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2019-7577",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1714-1] libsdl2 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
          },
          {
            "name": "https://bugzilla.libsdl.org/show_bug.cgi?id=4492",
            "refsource": "MISC",
            "url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4492"
          },
          {
            "name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1713-1] libsdl1.2 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
          },
          {
            "name": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720",
            "refsource": "MISC",
            "url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
          },
          {
            "name": "FEDORA-2019-bf531902c8",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFYUCO6D5APPM7IOZ5WOCYVY4DKSXFKD/"
          },
          {
            "name": "FEDORA-2019-918aad6bd5",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MD6EIV2CS6QNDU3UN2RVXPQOFQNHXCP7/"
          },
          {
            "name": "openSUSE-SU-2019:1213",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"
          },
          {
            "name": "openSUSE-SU-2019:1223",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"
          },
          {
            "name": "openSUSE-SU-2019:1261",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"
          },
          {
            "name": "GLSA-201909-07",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201909-07"
          },
          {
            "name": "USN-4156-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4156-1/"
          },
          {
            "name": "USN-4156-2",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4156-2/"
          },
          {
            "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1714-2] libsdl2 regression update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"
          },
          {
            "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1713-2] libsdl1.2 regression update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"
          },
          {
            "name": "FEDORA-2020-24652fe41c",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
          },
          {
            "name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
          },
          {
            "name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
          },
          {
            "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
          },
          {
            "name": "GLSA-202305-17",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202305-17"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.0.9",
                "versionStartIncluding": "2.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.2.15",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-7577"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
            },
            {
              "name": "https://bugzilla.libsdl.org/show_bug.cgi?id=4492",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Issue Tracking",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4492"
            },
            {
              "name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1714-1] libsdl2 security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
            },
            {
              "name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1713-1] libsdl1.2 security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
            },
            {
              "name": "FEDORA-2019-bf531902c8",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFYUCO6D5APPM7IOZ5WOCYVY4DKSXFKD/"
            },
            {
              "name": "FEDORA-2019-918aad6bd5",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MD6EIV2CS6QNDU3UN2RVXPQOFQNHXCP7/"
            },
            {
              "name": "openSUSE-SU-2019:1213",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"
            },
            {
              "name": "openSUSE-SU-2019:1223",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"
            },
            {
              "name": "openSUSE-SU-2019:1261",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"
            },
            {
              "name": "GLSA-201909-07",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201909-07"
            },
            {
              "name": "USN-4156-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4156-1/"
            },
            {
              "name": "USN-4156-2",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4156-2/"
            },
            {
              "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1713-2] libsdl1.2 regression update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"
            },
            {
              "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1714-2] libsdl2 regression update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"
            },
            {
              "name": "FEDORA-2020-24652fe41c",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
            },
            {
              "name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
            },
            {
              "name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
            },
            {
              "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
            },
            {
              "name": "GLSA-202305-17",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/202305-17"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-05-03T12:15Z",
      "publishedDate": "2019-02-07T07:29Z"
    }
  }
}

OPENSUSE-SU-2019:1223-1

Vulnerability from csaf_opensuse - Published: 2019-04-17 13:29 - Updated: 2019-04-17 13:29

Summary

Security update for SDL

Severity

Moderate

Notes

Title of the patch: Security update for SDL

Description of the patch: This update for SDL fixes the following issues: Security issues fixed: - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806). - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099). - CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799). - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805). - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827). - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826). - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824). - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803). - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802). - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825). - CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800). This update was imported from the SUSE:SLE-15:Update update project.

Patchnames: openSUSE-2019-1223

CVE-2019-7572

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7573

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7574

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7575

5.3 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7576

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7577

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7578

5.1 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7635

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7636

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7637

5.3 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7638

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

49 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://bugzilla.suse.com/1124799	self
https://bugzilla.suse.com/1124800	self
https://bugzilla.suse.com/1124802	self
https://bugzilla.suse.com/1124803	self
https://bugzilla.suse.com/1124805	self
https://bugzilla.suse.com/1124806	self
https://bugzilla.suse.com/1124824	self
https://bugzilla.suse.com/1124825	self
https://bugzilla.suse.com/1124826	self
https://bugzilla.suse.com/1124827	self
https://bugzilla.suse.com/1125099	self
https://www.suse.com/security/cve/CVE-2019-7572/	self
https://www.suse.com/security/cve/CVE-2019-7573/	self
https://www.suse.com/security/cve/CVE-2019-7574/	self
https://www.suse.com/security/cve/CVE-2019-7575/	self
https://www.suse.com/security/cve/CVE-2019-7576/	self
https://www.suse.com/security/cve/CVE-2019-7577/	self
https://www.suse.com/security/cve/CVE-2019-7578/	self
https://www.suse.com/security/cve/CVE-2019-7635/	self
https://www.suse.com/security/cve/CVE-2019-7636/	self
https://www.suse.com/security/cve/CVE-2019-7637/	self
https://www.suse.com/security/cve/CVE-2019-7638/	self
https://www.suse.com/security/cve/CVE-2019-7572	external
https://bugzilla.suse.com/1124806	external
https://www.suse.com/security/cve/CVE-2019-7573	external
https://bugzilla.suse.com/1124805	external
https://www.suse.com/security/cve/CVE-2019-7574	external
https://bugzilla.suse.com/1124803	external
https://www.suse.com/security/cve/CVE-2019-7575	external
https://bugzilla.suse.com/1124802	external
https://www.suse.com/security/cve/CVE-2019-7576	external
https://bugzilla.suse.com/1124799	external
https://www.suse.com/security/cve/CVE-2019-7577	external
https://bugzilla.suse.com/1124800	external
https://www.suse.com/security/cve/CVE-2019-7578	external
https://bugzilla.suse.com/1125099	external
https://www.suse.com/security/cve/CVE-2019-7635	external
https://bugzilla.suse.com/1124827	external
https://www.suse.com/security/cve/CVE-2019-7636	external
https://bugzilla.suse.com/1124826	external
https://www.suse.com/security/cve/CVE-2019-7637	external
https://bugzilla.suse.com/1124825	external
https://bugzilla.suse.com/1134135	external
https://www.suse.com/security/cve/CVE-2019-7638	external
https://bugzilla.suse.com/1124824	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for SDL",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for SDL fixes the following issues:\n\nSecurity issues fixed:\t  \n\n- CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806).\n- CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099).\n- CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799).\n- CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805).\n- CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827).\n- CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826).\n- CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824).\n- CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803).\n- CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802).\n- CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825).\n- CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2019-1223",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1223-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2019:1223-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PVVNKCWJ5RBDOAJTNQX6VN77H27KTKSW/#PVVNKCWJ5RBDOAJTNQX6VN77H27KTKSW"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2019:1223-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PVVNKCWJ5RBDOAJTNQX6VN77H27KTKSW/#PVVNKCWJ5RBDOAJTNQX6VN77H27KTKSW"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124799",
        "url": "https://bugzilla.suse.com/1124799"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124800",
        "url": "https://bugzilla.suse.com/1124800"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124802",
        "url": "https://bugzilla.suse.com/1124802"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124803",
        "url": "https://bugzilla.suse.com/1124803"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124805",
        "url": "https://bugzilla.suse.com/1124805"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124806",
        "url": "https://bugzilla.suse.com/1124806"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124824",
        "url": "https://bugzilla.suse.com/1124824"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124825",
        "url": "https://bugzilla.suse.com/1124825"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124826",
        "url": "https://bugzilla.suse.com/1124826"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124827",
        "url": "https://bugzilla.suse.com/1124827"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1125099",
        "url": "https://bugzilla.suse.com/1125099"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7572 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7572/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7573 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7573/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7574 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7574/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7575 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7575/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7576 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7576/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7577 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7577/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7578 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7578/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7635 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7635/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7636 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7636/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7637 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7637/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7638 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7638/"
      }
    ],
    "title": "Security update for SDL",
    "tracking": {
      "current_release_date": "2019-04-17T13:29:07Z",
      "generator": {
        "date": "2019-04-17T13:29:07Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2019:1223-1",
      "initial_release_date": "2019-04-17T13:29:07Z",
      "revision_history": [
        {
          "date": "2019-04-17T13:29:07Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
                "product": {
                  "name": "libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
                  "product_id": "libSDL-1_2-0-1.2.15-lp150.2.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-1.2.15-lp150.2.3.1.i586",
                "product": {
                  "name": "libSDL-devel-1.2.15-lp150.2.3.1.i586",
                  "product_id": "libSDL-devel-1.2.15-lp150.2.3.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
                "product": {
                  "name": "libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
                  "product_id": "libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
                "product": {
                  "name": "libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
                  "product_id": "libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
                "product": {
                  "name": "libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
                  "product_id": "libSDL-devel-1.2.15-lp150.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64",
                "product": {
                  "name": "libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64",
                  "product_id": "libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.0",
                "product": {
                  "name": "openSUSE Leap 15.0",
                  "product_id": "openSUSE Leap 15.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-1.2.15-lp150.2.3.1.i586 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586"
        },
        "product_reference": "libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64"
        },
        "product_reference": "libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64"
        },
        "product_reference": "libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-1.2.15-lp150.2.3.1.i586 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586"
        },
        "product_reference": "libSDL-devel-1.2.15-lp150.2.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-1.2.15-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64"
        },
        "product_reference": "libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        },
        "product_reference": "libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-7572",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7572"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7572",
          "url": "https://www.suse.com/security/cve/CVE-2019-7572"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124806 for CVE-2019-7572",
          "url": "https://bugzilla.suse.com/1124806"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7572"
    },
    {
      "cve": "CVE-2019-7573",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7573"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7573",
          "url": "https://www.suse.com/security/cve/CVE-2019-7573"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124805 for CVE-2019-7573",
          "url": "https://bugzilla.suse.com/1124805"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7573"
    },
    {
      "cve": "CVE-2019-7574",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7574"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7574",
          "url": "https://www.suse.com/security/cve/CVE-2019-7574"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124803 for CVE-2019-7574",
          "url": "https://bugzilla.suse.com/1124803"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7574"
    },
    {
      "cve": "CVE-2019-7575",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7575"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7575",
          "url": "https://www.suse.com/security/cve/CVE-2019-7575"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124802 for CVE-2019-7575",
          "url": "https://bugzilla.suse.com/1124802"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7575"
    },
    {
      "cve": "CVE-2019-7576",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7576"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7576",
          "url": "https://www.suse.com/security/cve/CVE-2019-7576"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124799 for CVE-2019-7576",
          "url": "https://bugzilla.suse.com/1124799"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7576"
    },
    {
      "cve": "CVE-2019-7577",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7577"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7577",
          "url": "https://www.suse.com/security/cve/CVE-2019-7577"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124800 for CVE-2019-7577",
          "url": "https://bugzilla.suse.com/1124800"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7577"
    },
    {
      "cve": "CVE-2019-7578",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7578"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7578",
          "url": "https://www.suse.com/security/cve/CVE-2019-7578"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1125099 for CVE-2019-7578",
          "url": "https://bugzilla.suse.com/1125099"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7578"
    },
    {
      "cve": "CVE-2019-7635",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7635"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7635",
          "url": "https://www.suse.com/security/cve/CVE-2019-7635"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124827 for CVE-2019-7635",
          "url": "https://bugzilla.suse.com/1124827"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7635"
    },
    {
      "cve": "CVE-2019-7636",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7636"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7636",
          "url": "https://www.suse.com/security/cve/CVE-2019-7636"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124826 for CVE-2019-7636",
          "url": "https://bugzilla.suse.com/1124826"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7636"
    },
    {
      "cve": "CVE-2019-7637",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7637"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7637",
          "url": "https://www.suse.com/security/cve/CVE-2019-7637"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124825 for CVE-2019-7637",
          "url": "https://bugzilla.suse.com/1124825"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1134135 for CVE-2019-7637",
          "url": "https://bugzilla.suse.com/1134135"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7637"
    },
    {
      "cve": "CVE-2019-7638",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7638"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7638",
          "url": "https://www.suse.com/security/cve/CVE-2019-7638"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124824 for CVE-2019-7638",
          "url": "https://bugzilla.suse.com/1124824"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7638"
    }
  ]
}

OPENSUSE-SU-2019:1261-1

Vulnerability from csaf_opensuse - Published: 2019-04-23 15:07 - Updated: 2019-04-23 15:07

Summary

Security update for SDL2

Severity

Moderate

Notes

Title of the patch: Security update for SDL2

Description of the patch: This update for SDL2 fixes the following issues: Security issues fixed: - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806). - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099). - CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799). - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805). - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827). - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826). - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824). - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803). - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802). - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825). - CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800). This update was imported from the SUSE:SLE-15:Update update project.

Patchnames: openSUSE-2019-1261

CVE-2019-7572

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7573

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7574

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7575

5.3 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7576

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7577

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7578

5.1 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7635

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7636

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7637

5.3 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7638

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

49 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://bugzilla.suse.com/1124799	self
https://bugzilla.suse.com/1124800	self
https://bugzilla.suse.com/1124802	self
https://bugzilla.suse.com/1124803	self
https://bugzilla.suse.com/1124805	self
https://bugzilla.suse.com/1124806	self
https://bugzilla.suse.com/1124824	self
https://bugzilla.suse.com/1124825	self
https://bugzilla.suse.com/1124826	self
https://bugzilla.suse.com/1124827	self
https://bugzilla.suse.com/1125099	self
https://www.suse.com/security/cve/CVE-2019-7572/	self
https://www.suse.com/security/cve/CVE-2019-7573/	self
https://www.suse.com/security/cve/CVE-2019-7574/	self
https://www.suse.com/security/cve/CVE-2019-7575/	self
https://www.suse.com/security/cve/CVE-2019-7576/	self
https://www.suse.com/security/cve/CVE-2019-7577/	self
https://www.suse.com/security/cve/CVE-2019-7578/	self
https://www.suse.com/security/cve/CVE-2019-7635/	self
https://www.suse.com/security/cve/CVE-2019-7636/	self
https://www.suse.com/security/cve/CVE-2019-7637/	self
https://www.suse.com/security/cve/CVE-2019-7638/	self
https://www.suse.com/security/cve/CVE-2019-7572	external
https://bugzilla.suse.com/1124806	external
https://www.suse.com/security/cve/CVE-2019-7573	external
https://bugzilla.suse.com/1124805	external
https://www.suse.com/security/cve/CVE-2019-7574	external
https://bugzilla.suse.com/1124803	external
https://www.suse.com/security/cve/CVE-2019-7575	external
https://bugzilla.suse.com/1124802	external
https://www.suse.com/security/cve/CVE-2019-7576	external
https://bugzilla.suse.com/1124799	external
https://www.suse.com/security/cve/CVE-2019-7577	external
https://bugzilla.suse.com/1124800	external
https://www.suse.com/security/cve/CVE-2019-7578	external
https://bugzilla.suse.com/1125099	external
https://www.suse.com/security/cve/CVE-2019-7635	external
https://bugzilla.suse.com/1124827	external
https://www.suse.com/security/cve/CVE-2019-7636	external
https://bugzilla.suse.com/1124826	external
https://www.suse.com/security/cve/CVE-2019-7637	external
https://bugzilla.suse.com/1124825	external
https://bugzilla.suse.com/1134135	external
https://www.suse.com/security/cve/CVE-2019-7638	external
https://bugzilla.suse.com/1124824	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for SDL2",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for SDL2 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806).\n- CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099).\n- CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799).\n- CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805).\n- CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827).\n- CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826).\n- CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824).\n- CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803).\n- CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802).\n- CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825).\n- CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2019-1261",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1261-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2019:1261-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MSOTDS52YKZL25TU3JHV22PWUVFQ6U5U/#MSOTDS52YKZL25TU3JHV22PWUVFQ6U5U"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2019:1261-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MSOTDS52YKZL25TU3JHV22PWUVFQ6U5U/#MSOTDS52YKZL25TU3JHV22PWUVFQ6U5U"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124799",
        "url": "https://bugzilla.suse.com/1124799"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124800",
        "url": "https://bugzilla.suse.com/1124800"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124802",
        "url": "https://bugzilla.suse.com/1124802"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124803",
        "url": "https://bugzilla.suse.com/1124803"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124805",
        "url": "https://bugzilla.suse.com/1124805"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124806",
        "url": "https://bugzilla.suse.com/1124806"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124824",
        "url": "https://bugzilla.suse.com/1124824"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124825",
        "url": "https://bugzilla.suse.com/1124825"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124826",
        "url": "https://bugzilla.suse.com/1124826"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124827",
        "url": "https://bugzilla.suse.com/1124827"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1125099",
        "url": "https://bugzilla.suse.com/1125099"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7572 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7572/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7573 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7573/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7574 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7574/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7575 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7575/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7576 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7576/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7577 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7577/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7578 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7578/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7635 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7635/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7636 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7636/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7637 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7637/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7638 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7638/"
      }
    ],
    "title": "Security update for SDL2",
    "tracking": {
      "current_release_date": "2019-04-23T15:07:46Z",
      "generator": {
        "date": "2019-04-23T15:07:46Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2019:1261-1",
      "initial_release_date": "2019-04-23T15:07:46Z",
      "revision_history": [
        {
          "date": "2019-04-23T15:07:46Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
                "product": {
                  "name": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
                  "product_id": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-devel-2.0.8-lp150.2.3.1.i586",
                "product": {
                  "name": "libSDL2-devel-2.0.8-lp150.2.3.1.i586",
                  "product_id": "libSDL2-devel-2.0.8-lp150.2.3.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
                "product": {
                  "name": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
                  "product_id": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
                "product": {
                  "name": "libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
                  "product_id": "libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
                "product": {
                  "name": "libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
                  "product_id": "libSDL2-devel-2.0.8-lp150.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64",
                "product": {
                  "name": "libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64",
                  "product_id": "libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.0",
                "product": {
                  "name": "openSUSE Leap 15.0",
                  "product_id": "openSUSE Leap 15.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586"
        },
        "product_reference": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64"
        },
        "product_reference": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64"
        },
        "product_reference": "libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-devel-2.0.8-lp150.2.3.1.i586 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586"
        },
        "product_reference": "libSDL2-devel-2.0.8-lp150.2.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-devel-2.0.8-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64"
        },
        "product_reference": "libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        },
        "product_reference": "libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-7572",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7572"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7572",
          "url": "https://www.suse.com/security/cve/CVE-2019-7572"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124806 for CVE-2019-7572",
          "url": "https://bugzilla.suse.com/1124806"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7572"
    },
    {
      "cve": "CVE-2019-7573",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7573"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7573",
          "url": "https://www.suse.com/security/cve/CVE-2019-7573"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124805 for CVE-2019-7573",
          "url": "https://bugzilla.suse.com/1124805"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7573"
    },
    {
      "cve": "CVE-2019-7574",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7574"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7574",
          "url": "https://www.suse.com/security/cve/CVE-2019-7574"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124803 for CVE-2019-7574",
          "url": "https://bugzilla.suse.com/1124803"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7574"
    },
    {
      "cve": "CVE-2019-7575",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7575"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7575",
          "url": "https://www.suse.com/security/cve/CVE-2019-7575"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124802 for CVE-2019-7575",
          "url": "https://bugzilla.suse.com/1124802"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7575"
    },
    {
      "cve": "CVE-2019-7576",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7576"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7576",
          "url": "https://www.suse.com/security/cve/CVE-2019-7576"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124799 for CVE-2019-7576",
          "url": "https://bugzilla.suse.com/1124799"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7576"
    },
    {
      "cve": "CVE-2019-7577",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7577"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7577",
          "url": "https://www.suse.com/security/cve/CVE-2019-7577"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124800 for CVE-2019-7577",
          "url": "https://bugzilla.suse.com/1124800"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7577"
    },
    {
      "cve": "CVE-2019-7578",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7578"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7578",
          "url": "https://www.suse.com/security/cve/CVE-2019-7578"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1125099 for CVE-2019-7578",
          "url": "https://bugzilla.suse.com/1125099"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7578"
    },
    {
      "cve": "CVE-2019-7635",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7635"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7635",
          "url": "https://www.suse.com/security/cve/CVE-2019-7635"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124827 for CVE-2019-7635",
          "url": "https://bugzilla.suse.com/1124827"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7635"
    },
    {
      "cve": "CVE-2019-7636",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7636"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7636",
          "url": "https://www.suse.com/security/cve/CVE-2019-7636"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124826 for CVE-2019-7636",
          "url": "https://bugzilla.suse.com/1124826"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7636"
    },
    {
      "cve": "CVE-2019-7637",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7637"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7637",
          "url": "https://www.suse.com/security/cve/CVE-2019-7637"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124825 for CVE-2019-7637",
          "url": "https://bugzilla.suse.com/1124825"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1134135 for CVE-2019-7637",
          "url": "https://bugzilla.suse.com/1134135"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7637"
    },
    {
      "cve": "CVE-2019-7638",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7638"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7638",
          "url": "https://www.suse.com/security/cve/CVE-2019-7638"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124824 for CVE-2019-7638",
          "url": "https://bugzilla.suse.com/1124824"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7638"
    }
  ]
}

OPENSUSE-SU-2024:10606-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

libSDL-1_2-0-1.2.15-22.13 on GA media

Severity

Moderate

Notes

Title of the patch: libSDL-1_2-0-1.2.15-22.13 on GA media

Description of the patch: These are all security issues fixed in the libSDL-1_2-0-1.2.15-22.13 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-10606

CVE-2019-13616

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7572

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7573

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7574

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7575

5.3 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7577

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7578

5.1 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7635

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7636

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7637

5.3 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7638

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

References

36 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2019-13616/	self
https://www.suse.com/security/cve/CVE-2019-7572/	self
https://www.suse.com/security/cve/CVE-2019-7573/	self
https://www.suse.com/security/cve/CVE-2019-7574/	self
https://www.suse.com/security/cve/CVE-2019-7575/	self
https://www.suse.com/security/cve/CVE-2019-7577/	self
https://www.suse.com/security/cve/CVE-2019-7578/	self
https://www.suse.com/security/cve/CVE-2019-7635/	self
https://www.suse.com/security/cve/CVE-2019-7636/	self
https://www.suse.com/security/cve/CVE-2019-7637/	self
https://www.suse.com/security/cve/CVE-2019-7638/	self
https://www.suse.com/security/cve/CVE-2019-13616	external
https://bugzilla.suse.com/1141844	external
https://www.suse.com/security/cve/CVE-2019-7572	external
https://bugzilla.suse.com/1124806	external
https://www.suse.com/security/cve/CVE-2019-7573	external
https://bugzilla.suse.com/1124805	external
https://www.suse.com/security/cve/CVE-2019-7574	external
https://bugzilla.suse.com/1124803	external
https://www.suse.com/security/cve/CVE-2019-7575	external
https://bugzilla.suse.com/1124802	external
https://www.suse.com/security/cve/CVE-2019-7577	external
https://bugzilla.suse.com/1124800	external
https://www.suse.com/security/cve/CVE-2019-7578	external
https://bugzilla.suse.com/1125099	external
https://www.suse.com/security/cve/CVE-2019-7635	external
https://bugzilla.suse.com/1124827	external
https://www.suse.com/security/cve/CVE-2019-7636	external
https://bugzilla.suse.com/1124826	external
https://www.suse.com/security/cve/CVE-2019-7637	external
https://bugzilla.suse.com/1124825	external
https://bugzilla.suse.com/1134135	external
https://www.suse.com/security/cve/CVE-2019-7638	external
https://bugzilla.suse.com/1124824	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "libSDL-1_2-0-1.2.15-22.13 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the libSDL-1_2-0-1.2.15-22.13 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-10606",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10606-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-13616 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-13616/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7572 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7572/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7573 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7573/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7574 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7574/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7575 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7575/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7577 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7577/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7578 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7578/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7635 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7635/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7636 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7636/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7637 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7637/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7638 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7638/"
      }
    ],
    "title": "libSDL-1_2-0-1.2.15-22.13 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:10606-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-1.2.15-22.13.aarch64",
                "product": {
                  "name": "libSDL-1_2-0-1.2.15-22.13.aarch64",
                  "product_id": "libSDL-1_2-0-1.2.15-22.13.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
                "product": {
                  "name": "libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
                  "product_id": "libSDL-1_2-0-32bit-1.2.15-22.13.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-1.2.15-22.13.aarch64",
                "product": {
                  "name": "libSDL-devel-1.2.15-22.13.aarch64",
                  "product_id": "libSDL-devel-1.2.15-22.13.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-32bit-1.2.15-22.13.aarch64",
                "product": {
                  "name": "libSDL-devel-32bit-1.2.15-22.13.aarch64",
                  "product_id": "libSDL-devel-32bit-1.2.15-22.13.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-1.2.15-22.13.ppc64le",
                "product": {
                  "name": "libSDL-1_2-0-1.2.15-22.13.ppc64le",
                  "product_id": "libSDL-1_2-0-1.2.15-22.13.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
                "product": {
                  "name": "libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
                  "product_id": "libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-1.2.15-22.13.ppc64le",
                "product": {
                  "name": "libSDL-devel-1.2.15-22.13.ppc64le",
                  "product_id": "libSDL-devel-1.2.15-22.13.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-32bit-1.2.15-22.13.ppc64le",
                "product": {
                  "name": "libSDL-devel-32bit-1.2.15-22.13.ppc64le",
                  "product_id": "libSDL-devel-32bit-1.2.15-22.13.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-1.2.15-22.13.s390x",
                "product": {
                  "name": "libSDL-1_2-0-1.2.15-22.13.s390x",
                  "product_id": "libSDL-1_2-0-1.2.15-22.13.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
                "product": {
                  "name": "libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
                  "product_id": "libSDL-1_2-0-32bit-1.2.15-22.13.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-1.2.15-22.13.s390x",
                "product": {
                  "name": "libSDL-devel-1.2.15-22.13.s390x",
                  "product_id": "libSDL-devel-1.2.15-22.13.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-32bit-1.2.15-22.13.s390x",
                "product": {
                  "name": "libSDL-devel-32bit-1.2.15-22.13.s390x",
                  "product_id": "libSDL-devel-32bit-1.2.15-22.13.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-1.2.15-22.13.x86_64",
                "product": {
                  "name": "libSDL-1_2-0-1.2.15-22.13.x86_64",
                  "product_id": "libSDL-1_2-0-1.2.15-22.13.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
                "product": {
                  "name": "libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
                  "product_id": "libSDL-1_2-0-32bit-1.2.15-22.13.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-1.2.15-22.13.x86_64",
                "product": {
                  "name": "libSDL-devel-1.2.15-22.13.x86_64",
                  "product_id": "libSDL-devel-1.2.15-22.13.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-32bit-1.2.15-22.13.x86_64",
                "product": {
                  "name": "libSDL-devel-32bit-1.2.15-22.13.x86_64",
                  "product_id": "libSDL-devel-32bit-1.2.15-22.13.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-1.2.15-22.13.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64"
        },
        "product_reference": "libSDL-1_2-0-1.2.15-22.13.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-1.2.15-22.13.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le"
        },
        "product_reference": "libSDL-1_2-0-1.2.15-22.13.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-1.2.15-22.13.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x"
        },
        "product_reference": "libSDL-1_2-0-1.2.15-22.13.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-1.2.15-22.13.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64"
        },
        "product_reference": "libSDL-1_2-0-1.2.15-22.13.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-32bit-1.2.15-22.13.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64"
        },
        "product_reference": "libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le"
        },
        "product_reference": "libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-32bit-1.2.15-22.13.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x"
        },
        "product_reference": "libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-32bit-1.2.15-22.13.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64"
        },
        "product_reference": "libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-1.2.15-22.13.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64"
        },
        "product_reference": "libSDL-devel-1.2.15-22.13.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-1.2.15-22.13.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le"
        },
        "product_reference": "libSDL-devel-1.2.15-22.13.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-1.2.15-22.13.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x"
        },
        "product_reference": "libSDL-devel-1.2.15-22.13.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-1.2.15-22.13.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64"
        },
        "product_reference": "libSDL-devel-1.2.15-22.13.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-32bit-1.2.15-22.13.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64"
        },
        "product_reference": "libSDL-devel-32bit-1.2.15-22.13.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-32bit-1.2.15-22.13.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le"
        },
        "product_reference": "libSDL-devel-32bit-1.2.15-22.13.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-32bit-1.2.15-22.13.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x"
        },
        "product_reference": "libSDL-devel-32bit-1.2.15-22.13.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-32bit-1.2.15-22.13.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        },
        "product_reference": "libSDL-devel-32bit-1.2.15-22.13.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-13616",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-13616"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-13616",
          "url": "https://www.suse.com/security/cve/CVE-2019-13616"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141844 for CVE-2019-13616",
          "url": "https://bugzilla.suse.com/1141844"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-13616"
    },
    {
      "cve": "CVE-2019-7572",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7572"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7572",
          "url": "https://www.suse.com/security/cve/CVE-2019-7572"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124806 for CVE-2019-7572",
          "url": "https://bugzilla.suse.com/1124806"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7572"
    },
    {
      "cve": "CVE-2019-7573",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7573"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7573",
          "url": "https://www.suse.com/security/cve/CVE-2019-7573"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124805 for CVE-2019-7573",
          "url": "https://bugzilla.suse.com/1124805"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7573"
    },
    {
      "cve": "CVE-2019-7574",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7574"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7574",
          "url": "https://www.suse.com/security/cve/CVE-2019-7574"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124803 for CVE-2019-7574",
          "url": "https://bugzilla.suse.com/1124803"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7574"
    },
    {
      "cve": "CVE-2019-7575",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7575"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7575",
          "url": "https://www.suse.com/security/cve/CVE-2019-7575"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124802 for CVE-2019-7575",
          "url": "https://bugzilla.suse.com/1124802"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7575"
    },
    {
      "cve": "CVE-2019-7577",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7577"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7577",
          "url": "https://www.suse.com/security/cve/CVE-2019-7577"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124800 for CVE-2019-7577",
          "url": "https://bugzilla.suse.com/1124800"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7577"
    },
    {
      "cve": "CVE-2019-7578",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7578"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7578",
          "url": "https://www.suse.com/security/cve/CVE-2019-7578"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1125099 for CVE-2019-7578",
          "url": "https://bugzilla.suse.com/1125099"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7578"
    },
    {
      "cve": "CVE-2019-7635",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7635"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7635",
          "url": "https://www.suse.com/security/cve/CVE-2019-7635"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124827 for CVE-2019-7635",
          "url": "https://bugzilla.suse.com/1124827"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7635"
    },
    {
      "cve": "CVE-2019-7636",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7636"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7636",
          "url": "https://www.suse.com/security/cve/CVE-2019-7636"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124826 for CVE-2019-7636",
          "url": "https://bugzilla.suse.com/1124826"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7636"
    },
    {
      "cve": "CVE-2019-7637",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7637"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7637",
          "url": "https://www.suse.com/security/cve/CVE-2019-7637"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124825 for CVE-2019-7637",
          "url": "https://bugzilla.suse.com/1124825"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1134135 for CVE-2019-7637",
          "url": "https://bugzilla.suse.com/1134135"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7637"
    },
    {
      "cve": "CVE-2019-7638",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7638"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7638",
          "url": "https://www.suse.com/security/cve/CVE-2019-7638"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124824 for CVE-2019-7638",
          "url": "https://bugzilla.suse.com/1124824"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7638"
    }
  ]
}

OPENSUSE-SU-2024:13582-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

SDL2-devel-2.28.5-2.1 on GA media

Severity

Moderate

Notes

Title of the patch: SDL2-devel-2.28.5-2.1 on GA media

Description of the patch: These are all security issues fixed in the SDL2-devel-2.28.5-2.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-13582

CVE-2019-7572

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7573

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7574

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7575

5.3 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7577

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7578

5.1 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7636

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7637

5.3 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-14409

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-14410

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2021-33657

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-4743

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

43 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2019-7572/	self
https://www.suse.com/security/cve/CVE-2019-7573/	self
https://www.suse.com/security/cve/CVE-2019-7574/	self
https://www.suse.com/security/cve/CVE-2019-7575/	self
https://www.suse.com/security/cve/CVE-2019-7577/	self
https://www.suse.com/security/cve/CVE-2019-7578/	self
https://www.suse.com/security/cve/CVE-2019-7636/	self
https://www.suse.com/security/cve/CVE-2019-7637/	self
https://www.suse.com/security/cve/CVE-2020-14409/	self
https://www.suse.com/security/cve/CVE-2020-14410/	self
https://www.suse.com/security/cve/CVE-2021-33657/	self
https://www.suse.com/security/cve/CVE-2022-4743/	self
https://www.suse.com/security/cve/CVE-2019-7572	external
https://bugzilla.suse.com/1124806	external
https://www.suse.com/security/cve/CVE-2019-7573	external
https://bugzilla.suse.com/1124805	external
https://www.suse.com/security/cve/CVE-2019-7574	external
https://bugzilla.suse.com/1124803	external
https://www.suse.com/security/cve/CVE-2019-7575	external
https://bugzilla.suse.com/1124802	external
https://www.suse.com/security/cve/CVE-2019-7577	external
https://bugzilla.suse.com/1124800	external
https://www.suse.com/security/cve/CVE-2019-7578	external
https://bugzilla.suse.com/1125099	external
https://www.suse.com/security/cve/CVE-2019-7636	external
https://bugzilla.suse.com/1124826	external
https://www.suse.com/security/cve/CVE-2019-7637	external
https://bugzilla.suse.com/1124825	external
https://bugzilla.suse.com/1134135	external
https://www.suse.com/security/cve/CVE-2020-14409	external
https://bugzilla.suse.com/1181202	external
https://bugzilla.suse.com/1200204	external
https://www.suse.com/security/cve/CVE-2020-14410	external
https://bugzilla.suse.com/1181201	external
https://bugzilla.suse.com/1200204	external
https://www.suse.com/security/cve/CVE-2021-33657	external
https://bugzilla.suse.com/1198001	external
https://bugzilla.suse.com/1199105	external
https://bugzilla.suse.com/1200204	external
https://www.suse.com/security/cve/CVE-2022-4743	external
https://bugzilla.suse.com/1206727	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "SDL2-devel-2.28.5-2.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the SDL2-devel-2.28.5-2.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-13582",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13582-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7572 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7572/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7573 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7573/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7574 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7574/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7575 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7575/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7577 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7577/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7578 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7578/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7636 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7636/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7637 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7637/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-14409 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-14409/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-14410 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-14410/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-33657 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-33657/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-4743 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-4743/"
      }
    ],
    "title": "SDL2-devel-2.28.5-2.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:13582-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "SDL2-devel-2.28.5-2.1.aarch64",
                "product": {
                  "name": "SDL2-devel-2.28.5-2.1.aarch64",
                  "product_id": "SDL2-devel-2.28.5-2.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "SDL2-devel-32bit-2.28.5-2.1.aarch64",
                "product": {
                  "name": "SDL2-devel-32bit-2.28.5-2.1.aarch64",
                  "product_id": "SDL2-devel-32bit-2.28.5-2.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-2_0-0-2.28.5-2.1.aarch64",
                "product": {
                  "name": "libSDL2-2_0-0-2.28.5-2.1.aarch64",
                  "product_id": "libSDL2-2_0-0-2.28.5-2.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
                "product": {
                  "name": "libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
                  "product_id": "libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "SDL2-devel-2.28.5-2.1.ppc64le",
                "product": {
                  "name": "SDL2-devel-2.28.5-2.1.ppc64le",
                  "product_id": "SDL2-devel-2.28.5-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "SDL2-devel-32bit-2.28.5-2.1.ppc64le",
                "product": {
                  "name": "SDL2-devel-32bit-2.28.5-2.1.ppc64le",
                  "product_id": "SDL2-devel-32bit-2.28.5-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-2_0-0-2.28.5-2.1.ppc64le",
                "product": {
                  "name": "libSDL2-2_0-0-2.28.5-2.1.ppc64le",
                  "product_id": "libSDL2-2_0-0-2.28.5-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
                "product": {
                  "name": "libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
                  "product_id": "libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "SDL2-devel-2.28.5-2.1.s390x",
                "product": {
                  "name": "SDL2-devel-2.28.5-2.1.s390x",
                  "product_id": "SDL2-devel-2.28.5-2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "SDL2-devel-32bit-2.28.5-2.1.s390x",
                "product": {
                  "name": "SDL2-devel-32bit-2.28.5-2.1.s390x",
                  "product_id": "SDL2-devel-32bit-2.28.5-2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-2_0-0-2.28.5-2.1.s390x",
                "product": {
                  "name": "libSDL2-2_0-0-2.28.5-2.1.s390x",
                  "product_id": "libSDL2-2_0-0-2.28.5-2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
                "product": {
                  "name": "libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
                  "product_id": "libSDL2-2_0-0-32bit-2.28.5-2.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "SDL2-devel-2.28.5-2.1.x86_64",
                "product": {
                  "name": "SDL2-devel-2.28.5-2.1.x86_64",
                  "product_id": "SDL2-devel-2.28.5-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "SDL2-devel-32bit-2.28.5-2.1.x86_64",
                "product": {
                  "name": "SDL2-devel-32bit-2.28.5-2.1.x86_64",
                  "product_id": "SDL2-devel-32bit-2.28.5-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-2_0-0-2.28.5-2.1.x86_64",
                "product": {
                  "name": "libSDL2-2_0-0-2.28.5-2.1.x86_64",
                  "product_id": "libSDL2-2_0-0-2.28.5-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64",
                "product": {
                  "name": "libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64",
                  "product_id": "libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "SDL2-devel-2.28.5-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64"
        },
        "product_reference": "SDL2-devel-2.28.5-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "SDL2-devel-2.28.5-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le"
        },
        "product_reference": "SDL2-devel-2.28.5-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "SDL2-devel-2.28.5-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x"
        },
        "product_reference": "SDL2-devel-2.28.5-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "SDL2-devel-2.28.5-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64"
        },
        "product_reference": "SDL2-devel-2.28.5-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "SDL2-devel-32bit-2.28.5-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64"
        },
        "product_reference": "SDL2-devel-32bit-2.28.5-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "SDL2-devel-32bit-2.28.5-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le"
        },
        "product_reference": "SDL2-devel-32bit-2.28.5-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "SDL2-devel-32bit-2.28.5-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x"
        },
        "product_reference": "SDL2-devel-32bit-2.28.5-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "SDL2-devel-32bit-2.28.5-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64"
        },
        "product_reference": "SDL2-devel-32bit-2.28.5-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-2_0-0-2.28.5-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64"
        },
        "product_reference": "libSDL2-2_0-0-2.28.5-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-2_0-0-2.28.5-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le"
        },
        "product_reference": "libSDL2-2_0-0-2.28.5-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-2_0-0-2.28.5-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x"
        },
        "product_reference": "libSDL2-2_0-0-2.28.5-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-2_0-0-2.28.5-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64"
        },
        "product_reference": "libSDL2-2_0-0-2.28.5-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64"
        },
        "product_reference": "libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le"
        },
        "product_reference": "libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-2_0-0-32bit-2.28.5-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x"
        },
        "product_reference": "libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
        },
        "product_reference": "libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-7572",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7572"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7572",
          "url": "https://www.suse.com/security/cve/CVE-2019-7572"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124806 for CVE-2019-7572",
          "url": "https://bugzilla.suse.com/1124806"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7572"
    },
    {
      "cve": "CVE-2019-7573",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7573"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7573",
          "url": "https://www.suse.com/security/cve/CVE-2019-7573"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124805 for CVE-2019-7573",
          "url": "https://bugzilla.suse.com/1124805"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7573"
    },
    {
      "cve": "CVE-2019-7574",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7574"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7574",
          "url": "https://www.suse.com/security/cve/CVE-2019-7574"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124803 for CVE-2019-7574",
          "url": "https://bugzilla.suse.com/1124803"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7574"
    },
    {
      "cve": "CVE-2019-7575",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7575"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7575",
          "url": "https://www.suse.com/security/cve/CVE-2019-7575"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124802 for CVE-2019-7575",
          "url": "https://bugzilla.suse.com/1124802"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7575"
    },
    {
      "cve": "CVE-2019-7577",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7577"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7577",
          "url": "https://www.suse.com/security/cve/CVE-2019-7577"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124800 for CVE-2019-7577",
          "url": "https://bugzilla.suse.com/1124800"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7577"
    },
    {
      "cve": "CVE-2019-7578",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7578"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7578",
          "url": "https://www.suse.com/security/cve/CVE-2019-7578"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1125099 for CVE-2019-7578",
          "url": "https://bugzilla.suse.com/1125099"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7578"
    },
    {
      "cve": "CVE-2019-7636",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7636"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7636",
          "url": "https://www.suse.com/security/cve/CVE-2019-7636"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124826 for CVE-2019-7636",
          "url": "https://bugzilla.suse.com/1124826"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7636"
    },
    {
      "cve": "CVE-2019-7637",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7637"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7637",
          "url": "https://www.suse.com/security/cve/CVE-2019-7637"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124825 for CVE-2019-7637",
          "url": "https://bugzilla.suse.com/1124825"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1134135 for CVE-2019-7637",
          "url": "https://bugzilla.suse.com/1134135"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7637"
    },
    {
      "cve": "CVE-2020-14409",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-14409"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-14409",
          "url": "https://www.suse.com/security/cve/CVE-2020-14409"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1181202 for CVE-2020-14409",
          "url": "https://bugzilla.suse.com/1181202"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200204 for CVE-2020-14409",
          "url": "https://bugzilla.suse.com/1200204"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-14409"
    },
    {
      "cve": "CVE-2020-14410",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-14410"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-14410",
          "url": "https://www.suse.com/security/cve/CVE-2020-14410"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1181201 for CVE-2020-14410",
          "url": "https://bugzilla.suse.com/1181201"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200204 for CVE-2020-14410",
          "url": "https://bugzilla.suse.com/1200204"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-14410"
    },
    {
      "cve": "CVE-2021-33657",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-33657"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-33657",
          "url": "https://www.suse.com/security/cve/CVE-2021-33657"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1198001 for CVE-2021-33657",
          "url": "https://bugzilla.suse.com/1198001"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1199105 for CVE-2021-33657",
          "url": "https://bugzilla.suse.com/1199105"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200204 for CVE-2021-33657",
          "url": "https://bugzilla.suse.com/1200204"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-33657"
    },
    {
      "cve": "CVE-2022-4743",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-4743"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-4743",
          "url": "https://www.suse.com/security/cve/CVE-2022-4743"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1206727 for CVE-2022-4743",
          "url": "https://bugzilla.suse.com/1206727"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-4743"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-7577 (GCVE-0-2019-7577)

Solution

Tags

Sightings

Nomenclature