Vulnerability-Lookup

CVE-2019-7573 (GCVE-0-2019-7573)

Vulnerability from cvelistv5 – Published: 2019-02-07 00:00 – Updated: 2024-08-04 20:54

Summary

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).

Severity

No CVSS data available.

CWE

Assigner

mitre

References

16 references

URL	Tags
https://lists.debian.org/debian-lts-announce/2019…	mailing-list
https://bugzilla.libsdl.org/show_bug.cgi?id=4491
https://lists.debian.org/debian-lts-announce/2019…	mailing-list
https://discourse.libsdl.org/t/vulnerabilities-fo…
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
https://security.gentoo.org/glsa/201909-07	vendor-advisory
https://usn.ubuntu.com/4156-1/	vendor-advisory
https://usn.ubuntu.com/4156-2/	vendor-advisory
https://lists.debian.org/debian-lts-announce/2019…	mailing-list
https://lists.debian.org/debian-lts-announce/2019…	mailing-list
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.debian.org/debian-lts-announce/2021…	mailing-list
https://lists.debian.org/debian-lts-announce/2023…	mailing-list
https://security.gentoo.org/glsa/202305-17	vendor-advisory

Date Public

2019-02-07 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:54:28.338Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1714-1] libsdl2 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4491"
          },
          {
            "name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1713-1] libsdl1.2 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
          },
          {
            "name": "openSUSE-SU-2019:1213",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"
          },
          {
            "name": "openSUSE-SU-2019:1223",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"
          },
          {
            "name": "openSUSE-SU-2019:1261",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"
          },
          {
            "name": "GLSA-201909-07",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201909-07"
          },
          {
            "name": "USN-4156-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4156-1/"
          },
          {
            "name": "USN-4156-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4156-2/"
          },
          {
            "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1714-2] libsdl2 regression update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"
          },
          {
            "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1713-2] libsdl1.2 regression update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"
          },
          {
            "name": "FEDORA-2020-24652fe41c",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
          },
          {
            "name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
          },
          {
            "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
          },
          {
            "name": "GLSA-202305-17",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-17"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-02-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-03T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1714-1] libsdl2 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
        },
        {
          "url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4491"
        },
        {
          "name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1713-1] libsdl1.2 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
        },
        {
          "url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
        },
        {
          "name": "openSUSE-SU-2019:1213",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"
        },
        {
          "name": "openSUSE-SU-2019:1223",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"
        },
        {
          "name": "openSUSE-SU-2019:1261",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"
        },
        {
          "name": "GLSA-201909-07",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201909-07"
        },
        {
          "name": "USN-4156-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4156-1/"
        },
        {
          "name": "USN-4156-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4156-2/"
        },
        {
          "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1714-2] libsdl2 regression update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"
        },
        {
          "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1713-2] libsdl1.2 regression update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"
        },
        {
          "name": "FEDORA-2020-24652fe41c",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
        },
        {
          "name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
        },
        {
          "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
        },
        {
          "name": "GLSA-202305-17",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-17"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-7573",
    "datePublished": "2019-02-07T00:00:00.000Z",
    "dateReserved": "2019-02-07T00:00:00.000Z",
    "dateUpdated": "2024-08-04T20:54:28.338Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-7573",
      "date": "2026-05-29",
      "epss": "0.0426",
      "percentile": "0.8899"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-7573\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-02-07T07:29:00.753\",\"lastModified\":\"2024-11-21T04:48:20.950\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).\"},{\"lang\":\"es\",\"value\":\"SDL (Simple DirectMedia Layer), hasta la versi\u00f3n 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene una sobrelectura de b\u00fafer basada en memoria din\u00e1mica (heap) en InitMS_ADPCM en audio/SDL_wave.c (dentro del bucle wNumCoef).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.2.15\",\"matchCriteriaId\":\"1987484C-BB76-4554-B040-1A8D2C90F0AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndIncluding\":\"2.0.9\",\"matchCriteriaId\":\"85C1FFE9-9495-4484-9D25-590ECE49482B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"CB66DB75-2B16-4EBF-9B93-CE49D8086E41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"815D70A8-47D3-459C-A32C-9FEACA0659D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.libsdl.org/show_bug.cgi?id=4491\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/201909-07\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202305-17\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4156-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4156-2/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.libsdl.org/show_bug.cgi?id=4491\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201909-07\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202305-17\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4156-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4156-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

BDU:2019-01623

Vulnerability from fstec - Published: 05.02.2019

Title

Уязвимость функции wNumCoef мультимедийной библиотеки SDL, связанная с чтением за границами буфера данных, позволяющая нарушителю получить несанкционированный доступ к информации

Description

Уязвимость функции wNumCoef (audio/SDL_wave.c) мультимедийной библиотеки SDL связана с чтением за границами буфера данных. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации

Severity


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor

ООО «РусБИТех-Астра», Сообщество свободного программного обеспечения, АО "НППКТ", АО «Концерн ВНИИНС»

Software Name

Astra Linux Special Edition (запись в едином реестре российских программ №369), Debian GNU/Linux, SDL, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)

Software Version

1.5 «Смоленск» (Astra Linux Special Edition), 9 (Debian GNU/Linux), до 1.2.15 включительно (SDL), от 2.0.0 до 2.0.9 включительно (SDL), 8 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), до 2.1 (ОСОН ОСнова Оnyx), до 2.5 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)

Possible Mitigations

Для libsdl1.2: Обновление программного обеспечения до 1.2.15-10+deb8u1 или более поздней версии Для libsdl2: Обновление программного обеспечения до 2.0.2+dfsg1-6 или более поздней версии Для Debian: Обновление программного обеспечения (пакета libsdl1.2) до 1.2.15-10+deb8u1 или более поздней версии Для Astra Linux: Обновление программного обеспечения (пакета libsdl1.2) до 1.2.15-10+deb8u1 или более поздней версии Для ОСОН Основа: Обновление программного обеспечения libsdl2 до версии 2.0.14+dfsg2-3 Для ОС Astra Linux Special Edition 1.7: использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0426SE17 Для Astra Linux Special Edition 4.7 для архитектуры ARM: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0727SE47 Для ОС ОН «Стрелец»: Обновление программного обеспечения libsdl1.2 до версии 1.2.15+dfsg2-6.osnova1

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-7573 https://security-tracker.debian.org/tracker/CVE-2019-7573 https://bugzilla.libsdl.org/show_bug.cgi?id=4491 https://wiki.astralinux.ru/pages/viewpage.action?pageId=1212483 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.1/ https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.5/ https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0426SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0727SE47 https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023

CWE

CWE-125

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 9 (Debian GNU/Linux), \u0434\u043e 1.2.15 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (SDL), \u043e\u0442 2.0.0 \u0434\u043e 2.0.9 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (SDL), 8 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.1 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 2.5 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f libsdl1.2:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e  1.2.15-10+deb8u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f libsdl2:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e  2.0.2+dfsg1-6 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Debian:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 libsdl1.2) \u0434\u043e 1.2.15-10+deb8u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 libsdl1.2) \u0434\u043e 1.2.15-10+deb8u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libsdl2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.0.14+dfsg2-3\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux Special Edition 1.7:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0426SE17\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0727SE47\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libsdl1.2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.2.15+dfsg2-6.osnova1",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "05.02.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "25.04.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-01623",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-7573",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Debian GNU/Linux, SDL, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 wNumCoef \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0439\u043d\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 SDL, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 wNumCoef (audio/SDL_wave.c) \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0439\u043d\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 SDL \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2019-7573\nhttps://security-tracker.debian.org/tracker/CVE-2019-7573\nhttps://bugzilla.libsdl.org/show_bug.cgi?id=4491\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=1212483\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.1/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.5/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0426SE17\n\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0727SE47\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}

BDU:2020-04699

Vulnerability from fstec - Published: 07.02.2019

Title

Уязвимость функции InitMS_ADPCM библиотеки Simple DirectMedia Layer, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Description

Уязвимость функции InitMS_ADPCM (audio/SDL_wave.c) библиотеки Simple DirectMedia Layer связана с чтением за границами буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Vendor

ООО «РусБИТех-Астра», Novell Inc., Canonical Ltd., Сообщество свободного программного обеспечения, Fedora Project, АО "НППКТ", АО «Концерн ВНИИНС»

Software Name

Astra Linux Special Edition (запись в едином реестре российских программ №369), SUSE Linux Enterprise Debuginfo, Ubuntu, OpenSUSE Leap, Suse Linux Enterprise Server, SUSE Linux Enterprise Software Development Kit, SDL, SUSE Linux Enterprise Point of Sale, Debian GNU/Linux, Fedora, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)

Software Version

1.5 «Смоленск» (Astra Linux Special Edition), 11 sp4 (SUSE Linux Enterprise Debuginfo), 16.04 LTS (Ubuntu), 42.3 (OpenSUSE Leap), 18.04 LTS (Ubuntu), 11 SP4 (Suse Linux Enterprise Server), 11 SP4 (SUSE Linux Enterprise Software Development Kit), 12.04 ESM (Ubuntu), до 1.2.15 включительно (SDL), от 2.0.0 до 2.0.9 включительно (SDL), 15.0 (OpenSUSE Leap), 11 SP3 (SUSE Linux Enterprise Point of Sale), 14.04 ESM (Ubuntu), 8 (Debian GNU/Linux), 31 (Fedora), до 2.1 (ОСОН ОСнова Оnyx), до 2.5 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)

Possible Mitigations

Использование рекомендаций: Для Simple DirectMedia Layer: Обновление библиотеки Simple DirectMedia Layer до актуальной версии Для Astralinux: Использование рекомендаций в Бюллетене № 20190329SE15: https://wiki.astralinux.ru/pages/viewpage.action?pageId=1212483 Для Ubuntu: https://usn.ubuntu.com/4156-1/ https://usn.ubuntu.com/4156-2/ Для Debian GNU/Linux: https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html Для программных продуктов Novell Inc.: https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html Для Fedora: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/ Для ОСОН Основа: Обновление программного обеспечения libsdl2 до версии 2.0.14+dfsg2-3 Для ОС ОН «Стрелец»: Обновление программного обеспечения libsdl1.2 до версии 1.2.15+dfsg2-6.osnova1

Reference

https://www.suse.com/support/update/announcement/2019/suse-su-201913998-1/ https://wiki.astralinux.ru/pages/viewpage.action?pageId=1212483 https://nvd.nist.gov/vuln/detail/CVE-2019-7573 https://usn.ubuntu.com/4156-1/ https://usn.ubuntu.com/4156-2/ https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/ https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.1/ https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.5/ https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023

CWE

CWE-125

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc., Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Fedora Project, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 11 sp4 (SUSE Linux Enterprise Debuginfo), 16.04 LTS (Ubuntu), 42.3 (OpenSUSE Leap), 18.04 LTS (Ubuntu), 11 SP4 (Suse Linux Enterprise Server), 11 SP4 (SUSE Linux Enterprise Software Development Kit), 12.04 ESM (Ubuntu), \u0434\u043e 1.2.15 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (SDL), \u043e\u0442 2.0.0 \u0434\u043e 2.0.9 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (SDL), 15.0 (OpenSUSE Leap), 11 SP3 (SUSE Linux Enterprise Point of Sale), 14.04 ESM (Ubuntu), 8 (Debian GNU/Linux), 31 (Fedora), \u0434\u043e 2.1 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 2.5 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Simple DirectMedia Layer:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Simple DirectMedia Layer \u0434\u043e \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Astralinux:\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u0432 \u0411\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u0435 \u2116 20190329SE15: https://wiki.astralinux.ru/pages/viewpage.action?pageId=1212483\n\n\u0414\u043b\u044f Ubuntu:\nhttps://usn.ubuntu.com/4156-1/ \nhttps://usn.ubuntu.com/4156-2/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://lists.debian.org/debian-lts-announce/2019/03/msg00015.html\nhttps://lists.debian.org/debian-lts-announce/2019/03/msg00016.html\nhttps://lists.debian.org/debian-lts-announce/2019/10/msg00020.html\nhttps://lists.debian.org/debian-lts-announce/2019/10/msg00021.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html\nhttps://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html\nhttps://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libsdl2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.0.14+dfsg2-3\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libsdl1.2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.2.15+dfsg2-6.osnova1",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "07.02.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "15.10.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-04699",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-7573",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), SUSE Linux Enterprise Debuginfo, Ubuntu, OpenSUSE Leap, Suse Linux Enterprise Server, SUSE Linux Enterprise Software Development Kit, SDL, SUSE Linux Enterprise Point of Sale, Debian GNU/Linux, Fedora, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Canonical Ltd. Ubuntu 16.04 LTS , Novell Inc. OpenSUSE Leap 42.3 , Canonical Ltd. Ubuntu 18.04 LTS , Novell Inc. Suse Linux Enterprise Server 11 SP4 , Canonical Ltd. Ubuntu 12.04 ESM , Novell Inc. OpenSUSE Leap 15.0 , Canonical Ltd. Ubuntu 14.04 ESM , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , Fedora Project Fedora 31 , \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 InitMS_ADPCM \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Simple DirectMedia Layer, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 InitMS_ADPCM (audio/SDL_wave.c) \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Simple DirectMedia Layer \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.suse.com/support/update/announcement/2019/suse-su-201913998-1/\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=1212483\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7573\nhttps://usn.ubuntu.com/4156-1/ \nhttps://usn.ubuntu.com/4156-2/\nhttps://lists.debian.org/debian-lts-announce/2019/03/msg00015.html\nhttps://lists.debian.org/debian-lts-announce/2019/03/msg00016.html\nhttps://lists.debian.org/debian-lts-announce/2019/10/msg00020.html\nhttps://lists.debian.org/debian-lts-announce/2019/10/msg00021.html\nhttps://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html\nhttps://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html\nhttps://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.1/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.5/\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,3)"
}

CERTFR-2022-AVI-267

Vulnerability from certfr_avis - Published: 2022-03-23 - Updated: 2022-03-23

De multiples vulnérabilités ont été découvertes dans Juniper Networks Junos Space. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Juniper Networks	Junos Space	Juniper Networks Junos Space versions antérieures à 21.1R1

References

Title

Publication Time

CNVD-2019-29171

Vulnerability from cnvd - Published: 2019-08-28

Title

SDL (Simple DirectMedia Layer)缓冲区溢出漏洞（CNVD-2019-29171）

Description

Simple DirectMedia Layer（SDL）是一个用于用于访问低级硬件和图形，并为游戏、软件和仿真器提供支持的多平台库。 SDL 1.2.15之前版本和2.x至2.0.9版本中的audio/SDL_wave.c文件的‘InitMS_ADPCM’函数存在基于堆的缓冲区溢出漏洞。远程攻击者可利用该漏洞在系统上执行任意代码。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.libsdl.org/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-7573

Impacted products

Name
['SDL SDL (Simple DirectMedia Layer) <=1.2.15', 'SDL SDL (Simple DirectMedia Layer) 2.*，<=2.0.9']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-7573"
    }
  },
  "description": "Simple DirectMedia Layer\uff08SDL\uff09\u662f\u4e00\u4e2a\u7528\u4e8e\u7528\u4e8e\u8bbf\u95ee\u4f4e\u7ea7\u786c\u4ef6\u548c\u56fe\u5f62\uff0c\u5e76\u4e3a\u6e38\u620f\u3001\u8f6f\u4ef6\u548c\u4eff\u771f\u5668\u63d0\u4f9b\u652f\u6301\u7684\u591a\u5e73\u53f0\u5e93\u3002\n\nSDL 1.2.15\u4e4b\u524d\u7248\u672c\u548c2.x\u81f32.0.9\u7248\u672c\u4e2d\u7684audio/SDL_wave.c\u6587\u4ef6\u7684\u2018InitMS_ADPCM\u2019\u51fd\u6570\u5b58\u5728\u57fa\u4e8e\u5806\u7684\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "opensuse-security",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.libsdl.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-29171",
  "openTime": "2019-08-28",
  "products": {
    "product": [
      "SDL SDL (Simple DirectMedia Layer) \u003c=1.2.15",
      "SDL SDL (Simple DirectMedia Layer) 2.*\uff0c\u003c=2.0.9"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-7573",
  "serverity": "\u4e2d",
  "submitTime": "2019-02-11",
  "title": "SDL (Simple DirectMedia Layer)\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2019-29171\uff09"
}

FKIE_CVE-2019-7573

Vulnerability from fkie_nvd - Published: 2019-02-07 07:29 - Updated: 2024-11-21 04:48

Severity

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html	Mailing List, Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html	Mailing List, Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html	Mailing List, Third Party Advisory
cve@mitre.org	https://bugzilla.libsdl.org/show_bug.cgi?id=4491	Exploit, Issue Tracking, Vendor Advisory
cve@mitre.org	https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720	Vendor Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/
cve@mitre.org	https://security.gentoo.org/glsa/201909-07	Third Party Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202305-17
cve@mitre.org	https://usn.ubuntu.com/4156-1/	Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/4156-2/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.libsdl.org/show_bug.cgi?id=4491	Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201909-07	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202305-17
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4156-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4156-2/	Third Party Advisory

Impacted products

Vendor	Product	Version
libsdl	simple_directmedia_layer	*
libsdl	simple_directmedia_layer	*
debian	debian_linux	8.0
debian	debian_linux	9.0
opensuse	leap	15.0
opensuse	leap	42.3
fedoraproject	fedora	31
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1987484C-BB76-4554-B040-1A8D2C90F0AA",
              "versionEndIncluding": "1.2.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "85C1FFE9-9495-4484-9D25-590ECE49482B",
              "versionEndIncluding": "2.0.9",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop)."
    },
    {
      "lang": "es",
      "value": "SDL (Simple DirectMedia Layer), hasta la versi\u00f3n 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene una sobrelectura de b\u00fafer basada en memoria din\u00e1mica (heap) en InitMS_ADPCM en audio/SDL_wave.c (dentro del bucle wNumCoef)."
    }
  ],
  "id": "CVE-2019-7573",
  "lastModified": "2024-11-21T04:48:20.950",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-02-07T07:29:00.753",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4491"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201909-07"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202305-17"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4156-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4156-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4491"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201909-07"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202305-17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4156-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4156-2/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-645C-JJ5M-8J69

Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2022-05-13 01:04

Details

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).

Severity

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-7573"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-02-07T07:29:00Z",
    "severity": "HIGH"
  },
  "details": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).",
  "id": "GHSA-645c-jj5m-8j69",
  "modified": "2022-05-13T01:04:46Z",
  "published": "2022-05-13T01:04:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7573"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4491"
    },
    {
      "type": "WEB",
      "url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201909-07"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202305-17"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4156-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4156-2"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2019-7573

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).

Aliases

CVE-2019-7573

Aliases

CVE-2019-7573

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-7573",
    "description": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).",
    "id": "GSD-2019-7573",
    "references": [
      "https://www.suse.com/security/cve/CVE-2019-7573.html",
      "https://access.redhat.com/errata/RHSA-2020:4627",
      "https://access.redhat.com/errata/RHSA-2020:3868",
      "https://ubuntu.com/security/CVE-2019-7573",
      "https://advisories.mageia.org/CVE-2019-7573.html",
      "https://security.archlinux.org/CVE-2019-7573",
      "https://linux.oracle.com/cve/CVE-2019-7573.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-7573"
      ],
      "details": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).",
      "id": "GSD-2019-7573",
      "modified": "2023-12-13T01:23:46.206631Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2019-7573",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop)."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1714-1] libsdl2 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
          },
          {
            "name": "https://bugzilla.libsdl.org/show_bug.cgi?id=4491",
            "refsource": "MISC",
            "url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4491"
          },
          {
            "name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1713-1] libsdl1.2 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
          },
          {
            "name": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720",
            "refsource": "MISC",
            "url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
          },
          {
            "name": "openSUSE-SU-2019:1213",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"
          },
          {
            "name": "openSUSE-SU-2019:1223",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"
          },
          {
            "name": "openSUSE-SU-2019:1261",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"
          },
          {
            "name": "GLSA-201909-07",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201909-07"
          },
          {
            "name": "USN-4156-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4156-1/"
          },
          {
            "name": "USN-4156-2",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4156-2/"
          },
          {
            "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1714-2] libsdl2 regression update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"
          },
          {
            "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1713-2] libsdl1.2 regression update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"
          },
          {
            "name": "FEDORA-2020-24652fe41c",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
          },
          {
            "name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
          },
          {
            "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
          },
          {
            "name": "GLSA-202305-17",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202305-17"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.0.9",
                "versionStartIncluding": "2.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.2.15",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-7573"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
            },
            {
              "name": "https://bugzilla.libsdl.org/show_bug.cgi?id=4491",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4491"
            },
            {
              "name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1714-1] libsdl2 security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
            },
            {
              "name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1713-1] libsdl1.2 security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
            },
            {
              "name": "openSUSE-SU-2019:1213",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"
            },
            {
              "name": "openSUSE-SU-2019:1223",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"
            },
            {
              "name": "openSUSE-SU-2019:1261",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"
            },
            {
              "name": "GLSA-201909-07",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201909-07"
            },
            {
              "name": "USN-4156-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4156-1/"
            },
            {
              "name": "USN-4156-2",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4156-2/"
            },
            {
              "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1713-2] libsdl1.2 regression update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"
            },
            {
              "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1714-2] libsdl2 regression update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"
            },
            {
              "name": "FEDORA-2020-24652fe41c",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
            },
            {
              "name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
            },
            {
              "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
            },
            {
              "name": "GLSA-202305-17",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/202305-17"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-05-03T12:15Z",
      "publishedDate": "2019-02-07T07:29Z"
    }
  }
}

OPENSUSE-SU-2019:1223-1

Vulnerability from csaf_opensuse - Published: 2019-04-17 13:29 - Updated: 2019-04-17 13:29

Summary

Security update for SDL

Severity

Moderate

Notes

Title of the patch: Security update for SDL

Description of the patch: This update for SDL fixes the following issues: Security issues fixed: - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806). - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099). - CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799). - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805). - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827). - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826). - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824). - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803). - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802). - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825). - CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800). This update was imported from the SUSE:SLE-15:Update update project.

Patchnames: openSUSE-2019-1223

CVE-2019-7572

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7573

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7574

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7575

5.3 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7576

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7577

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7578

5.1 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7635

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7636

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7637

5.3 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7638

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

49 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://bugzilla.suse.com/1124799	self
https://bugzilla.suse.com/1124800	self
https://bugzilla.suse.com/1124802	self
https://bugzilla.suse.com/1124803	self
https://bugzilla.suse.com/1124805	self
https://bugzilla.suse.com/1124806	self
https://bugzilla.suse.com/1124824	self
https://bugzilla.suse.com/1124825	self
https://bugzilla.suse.com/1124826	self
https://bugzilla.suse.com/1124827	self
https://bugzilla.suse.com/1125099	self
https://www.suse.com/security/cve/CVE-2019-7572/	self
https://www.suse.com/security/cve/CVE-2019-7573/	self
https://www.suse.com/security/cve/CVE-2019-7574/	self
https://www.suse.com/security/cve/CVE-2019-7575/	self
https://www.suse.com/security/cve/CVE-2019-7576/	self
https://www.suse.com/security/cve/CVE-2019-7577/	self
https://www.suse.com/security/cve/CVE-2019-7578/	self
https://www.suse.com/security/cve/CVE-2019-7635/	self
https://www.suse.com/security/cve/CVE-2019-7636/	self
https://www.suse.com/security/cve/CVE-2019-7637/	self
https://www.suse.com/security/cve/CVE-2019-7638/	self
https://www.suse.com/security/cve/CVE-2019-7572	external
https://bugzilla.suse.com/1124806	external
https://www.suse.com/security/cve/CVE-2019-7573	external
https://bugzilla.suse.com/1124805	external
https://www.suse.com/security/cve/CVE-2019-7574	external
https://bugzilla.suse.com/1124803	external
https://www.suse.com/security/cve/CVE-2019-7575	external
https://bugzilla.suse.com/1124802	external
https://www.suse.com/security/cve/CVE-2019-7576	external
https://bugzilla.suse.com/1124799	external
https://www.suse.com/security/cve/CVE-2019-7577	external
https://bugzilla.suse.com/1124800	external
https://www.suse.com/security/cve/CVE-2019-7578	external
https://bugzilla.suse.com/1125099	external
https://www.suse.com/security/cve/CVE-2019-7635	external
https://bugzilla.suse.com/1124827	external
https://www.suse.com/security/cve/CVE-2019-7636	external
https://bugzilla.suse.com/1124826	external
https://www.suse.com/security/cve/CVE-2019-7637	external
https://bugzilla.suse.com/1124825	external
https://bugzilla.suse.com/1134135	external
https://www.suse.com/security/cve/CVE-2019-7638	external
https://bugzilla.suse.com/1124824	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for SDL",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for SDL fixes the following issues:\n\nSecurity issues fixed:\t  \n\n- CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806).\n- CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099).\n- CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799).\n- CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805).\n- CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827).\n- CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826).\n- CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824).\n- CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803).\n- CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802).\n- CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825).\n- CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2019-1223",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1223-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2019:1223-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PVVNKCWJ5RBDOAJTNQX6VN77H27KTKSW/#PVVNKCWJ5RBDOAJTNQX6VN77H27KTKSW"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2019:1223-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PVVNKCWJ5RBDOAJTNQX6VN77H27KTKSW/#PVVNKCWJ5RBDOAJTNQX6VN77H27KTKSW"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124799",
        "url": "https://bugzilla.suse.com/1124799"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124800",
        "url": "https://bugzilla.suse.com/1124800"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124802",
        "url": "https://bugzilla.suse.com/1124802"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124803",
        "url": "https://bugzilla.suse.com/1124803"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124805",
        "url": "https://bugzilla.suse.com/1124805"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124806",
        "url": "https://bugzilla.suse.com/1124806"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124824",
        "url": "https://bugzilla.suse.com/1124824"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124825",
        "url": "https://bugzilla.suse.com/1124825"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124826",
        "url": "https://bugzilla.suse.com/1124826"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124827",
        "url": "https://bugzilla.suse.com/1124827"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1125099",
        "url": "https://bugzilla.suse.com/1125099"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7572 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7572/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7573 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7573/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7574 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7574/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7575 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7575/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7576 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7576/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7577 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7577/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7578 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7578/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7635 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7635/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7636 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7636/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7637 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7637/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7638 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7638/"
      }
    ],
    "title": "Security update for SDL",
    "tracking": {
      "current_release_date": "2019-04-17T13:29:07Z",
      "generator": {
        "date": "2019-04-17T13:29:07Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2019:1223-1",
      "initial_release_date": "2019-04-17T13:29:07Z",
      "revision_history": [
        {
          "date": "2019-04-17T13:29:07Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
                "product": {
                  "name": "libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
                  "product_id": "libSDL-1_2-0-1.2.15-lp150.2.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-1.2.15-lp150.2.3.1.i586",
                "product": {
                  "name": "libSDL-devel-1.2.15-lp150.2.3.1.i586",
                  "product_id": "libSDL-devel-1.2.15-lp150.2.3.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
                "product": {
                  "name": "libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
                  "product_id": "libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
                "product": {
                  "name": "libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
                  "product_id": "libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
                "product": {
                  "name": "libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
                  "product_id": "libSDL-devel-1.2.15-lp150.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64",
                "product": {
                  "name": "libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64",
                  "product_id": "libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.0",
                "product": {
                  "name": "openSUSE Leap 15.0",
                  "product_id": "openSUSE Leap 15.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-1.2.15-lp150.2.3.1.i586 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586"
        },
        "product_reference": "libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64"
        },
        "product_reference": "libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64"
        },
        "product_reference": "libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-1.2.15-lp150.2.3.1.i586 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586"
        },
        "product_reference": "libSDL-devel-1.2.15-lp150.2.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-1.2.15-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64"
        },
        "product_reference": "libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        },
        "product_reference": "libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-7572",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7572"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7572",
          "url": "https://www.suse.com/security/cve/CVE-2019-7572"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124806 for CVE-2019-7572",
          "url": "https://bugzilla.suse.com/1124806"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7572"
    },
    {
      "cve": "CVE-2019-7573",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7573"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7573",
          "url": "https://www.suse.com/security/cve/CVE-2019-7573"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124805 for CVE-2019-7573",
          "url": "https://bugzilla.suse.com/1124805"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7573"
    },
    {
      "cve": "CVE-2019-7574",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7574"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7574",
          "url": "https://www.suse.com/security/cve/CVE-2019-7574"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124803 for CVE-2019-7574",
          "url": "https://bugzilla.suse.com/1124803"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7574"
    },
    {
      "cve": "CVE-2019-7575",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7575"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7575",
          "url": "https://www.suse.com/security/cve/CVE-2019-7575"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124802 for CVE-2019-7575",
          "url": "https://bugzilla.suse.com/1124802"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7575"
    },
    {
      "cve": "CVE-2019-7576",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7576"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7576",
          "url": "https://www.suse.com/security/cve/CVE-2019-7576"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124799 for CVE-2019-7576",
          "url": "https://bugzilla.suse.com/1124799"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7576"
    },
    {
      "cve": "CVE-2019-7577",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7577"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7577",
          "url": "https://www.suse.com/security/cve/CVE-2019-7577"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124800 for CVE-2019-7577",
          "url": "https://bugzilla.suse.com/1124800"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7577"
    },
    {
      "cve": "CVE-2019-7578",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7578"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7578",
          "url": "https://www.suse.com/security/cve/CVE-2019-7578"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1125099 for CVE-2019-7578",
          "url": "https://bugzilla.suse.com/1125099"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7578"
    },
    {
      "cve": "CVE-2019-7635",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7635"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7635",
          "url": "https://www.suse.com/security/cve/CVE-2019-7635"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124827 for CVE-2019-7635",
          "url": "https://bugzilla.suse.com/1124827"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7635"
    },
    {
      "cve": "CVE-2019-7636",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7636"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7636",
          "url": "https://www.suse.com/security/cve/CVE-2019-7636"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124826 for CVE-2019-7636",
          "url": "https://bugzilla.suse.com/1124826"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7636"
    },
    {
      "cve": "CVE-2019-7637",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7637"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7637",
          "url": "https://www.suse.com/security/cve/CVE-2019-7637"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124825 for CVE-2019-7637",
          "url": "https://bugzilla.suse.com/1124825"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1134135 for CVE-2019-7637",
          "url": "https://bugzilla.suse.com/1134135"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7637"
    },
    {
      "cve": "CVE-2019-7638",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7638"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7638",
          "url": "https://www.suse.com/security/cve/CVE-2019-7638"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124824 for CVE-2019-7638",
          "url": "https://bugzilla.suse.com/1124824"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7638"
    }
  ]
}

OPENSUSE-SU-2019:1261-1

Vulnerability from csaf_opensuse - Published: 2019-04-23 15:07 - Updated: 2019-04-23 15:07

Summary

Security update for SDL2

Severity

Moderate

Notes

Title of the patch: Security update for SDL2

Description of the patch: This update for SDL2 fixes the following issues: Security issues fixed: - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806). - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099). - CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799). - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805). - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827). - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826). - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824). - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803). - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802). - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825). - CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800). This update was imported from the SUSE:SLE-15:Update update project.

Patchnames: openSUSE-2019-1261

CVE-2019-7572

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7573

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7574

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7575

5.3 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7576

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7577

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7578

5.1 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7635

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7636

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7637

5.3 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7638

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

49 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://bugzilla.suse.com/1124799	self
https://bugzilla.suse.com/1124800	self
https://bugzilla.suse.com/1124802	self
https://bugzilla.suse.com/1124803	self
https://bugzilla.suse.com/1124805	self
https://bugzilla.suse.com/1124806	self
https://bugzilla.suse.com/1124824	self
https://bugzilla.suse.com/1124825	self
https://bugzilla.suse.com/1124826	self
https://bugzilla.suse.com/1124827	self
https://bugzilla.suse.com/1125099	self
https://www.suse.com/security/cve/CVE-2019-7572/	self
https://www.suse.com/security/cve/CVE-2019-7573/	self
https://www.suse.com/security/cve/CVE-2019-7574/	self
https://www.suse.com/security/cve/CVE-2019-7575/	self
https://www.suse.com/security/cve/CVE-2019-7576/	self
https://www.suse.com/security/cve/CVE-2019-7577/	self
https://www.suse.com/security/cve/CVE-2019-7578/	self
https://www.suse.com/security/cve/CVE-2019-7635/	self
https://www.suse.com/security/cve/CVE-2019-7636/	self
https://www.suse.com/security/cve/CVE-2019-7637/	self
https://www.suse.com/security/cve/CVE-2019-7638/	self
https://www.suse.com/security/cve/CVE-2019-7572	external
https://bugzilla.suse.com/1124806	external
https://www.suse.com/security/cve/CVE-2019-7573	external
https://bugzilla.suse.com/1124805	external
https://www.suse.com/security/cve/CVE-2019-7574	external
https://bugzilla.suse.com/1124803	external
https://www.suse.com/security/cve/CVE-2019-7575	external
https://bugzilla.suse.com/1124802	external
https://www.suse.com/security/cve/CVE-2019-7576	external
https://bugzilla.suse.com/1124799	external
https://www.suse.com/security/cve/CVE-2019-7577	external
https://bugzilla.suse.com/1124800	external
https://www.suse.com/security/cve/CVE-2019-7578	external
https://bugzilla.suse.com/1125099	external
https://www.suse.com/security/cve/CVE-2019-7635	external
https://bugzilla.suse.com/1124827	external
https://www.suse.com/security/cve/CVE-2019-7636	external
https://bugzilla.suse.com/1124826	external
https://www.suse.com/security/cve/CVE-2019-7637	external
https://bugzilla.suse.com/1124825	external
https://bugzilla.suse.com/1134135	external
https://www.suse.com/security/cve/CVE-2019-7638	external
https://bugzilla.suse.com/1124824	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for SDL2",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for SDL2 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806).\n- CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099).\n- CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799).\n- CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805).\n- CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827).\n- CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826).\n- CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824).\n- CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803).\n- CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802).\n- CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825).\n- CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2019-1261",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1261-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2019:1261-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MSOTDS52YKZL25TU3JHV22PWUVFQ6U5U/#MSOTDS52YKZL25TU3JHV22PWUVFQ6U5U"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2019:1261-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MSOTDS52YKZL25TU3JHV22PWUVFQ6U5U/#MSOTDS52YKZL25TU3JHV22PWUVFQ6U5U"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124799",
        "url": "https://bugzilla.suse.com/1124799"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124800",
        "url": "https://bugzilla.suse.com/1124800"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124802",
        "url": "https://bugzilla.suse.com/1124802"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124803",
        "url": "https://bugzilla.suse.com/1124803"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124805",
        "url": "https://bugzilla.suse.com/1124805"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124806",
        "url": "https://bugzilla.suse.com/1124806"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124824",
        "url": "https://bugzilla.suse.com/1124824"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124825",
        "url": "https://bugzilla.suse.com/1124825"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124826",
        "url": "https://bugzilla.suse.com/1124826"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124827",
        "url": "https://bugzilla.suse.com/1124827"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1125099",
        "url": "https://bugzilla.suse.com/1125099"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7572 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7572/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7573 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7573/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7574 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7574/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7575 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7575/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7576 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7576/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7577 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7577/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7578 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7578/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7635 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7635/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7636 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7636/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7637 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7637/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7638 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7638/"
      }
    ],
    "title": "Security update for SDL2",
    "tracking": {
      "current_release_date": "2019-04-23T15:07:46Z",
      "generator": {
        "date": "2019-04-23T15:07:46Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2019:1261-1",
      "initial_release_date": "2019-04-23T15:07:46Z",
      "revision_history": [
        {
          "date": "2019-04-23T15:07:46Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
                "product": {
                  "name": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
                  "product_id": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-devel-2.0.8-lp150.2.3.1.i586",
                "product": {
                  "name": "libSDL2-devel-2.0.8-lp150.2.3.1.i586",
                  "product_id": "libSDL2-devel-2.0.8-lp150.2.3.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
                "product": {
                  "name": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
                  "product_id": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
                "product": {
                  "name": "libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
                  "product_id": "libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
                "product": {
                  "name": "libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
                  "product_id": "libSDL2-devel-2.0.8-lp150.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64",
                "product": {
                  "name": "libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64",
                  "product_id": "libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.0",
                "product": {
                  "name": "openSUSE Leap 15.0",
                  "product_id": "openSUSE Leap 15.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586"
        },
        "product_reference": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64"
        },
        "product_reference": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64"
        },
        "product_reference": "libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-devel-2.0.8-lp150.2.3.1.i586 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586"
        },
        "product_reference": "libSDL2-devel-2.0.8-lp150.2.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-devel-2.0.8-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64"
        },
        "product_reference": "libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        },
        "product_reference": "libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-7572",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7572"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7572",
          "url": "https://www.suse.com/security/cve/CVE-2019-7572"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124806 for CVE-2019-7572",
          "url": "https://bugzilla.suse.com/1124806"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7572"
    },
    {
      "cve": "CVE-2019-7573",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7573"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7573",
          "url": "https://www.suse.com/security/cve/CVE-2019-7573"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124805 for CVE-2019-7573",
          "url": "https://bugzilla.suse.com/1124805"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7573"
    },
    {
      "cve": "CVE-2019-7574",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7574"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7574",
          "url": "https://www.suse.com/security/cve/CVE-2019-7574"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124803 for CVE-2019-7574",
          "url": "https://bugzilla.suse.com/1124803"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7574"
    },
    {
      "cve": "CVE-2019-7575",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7575"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7575",
          "url": "https://www.suse.com/security/cve/CVE-2019-7575"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124802 for CVE-2019-7575",
          "url": "https://bugzilla.suse.com/1124802"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7575"
    },
    {
      "cve": "CVE-2019-7576",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7576"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7576",
          "url": "https://www.suse.com/security/cve/CVE-2019-7576"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124799 for CVE-2019-7576",
          "url": "https://bugzilla.suse.com/1124799"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7576"
    },
    {
      "cve": "CVE-2019-7577",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7577"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7577",
          "url": "https://www.suse.com/security/cve/CVE-2019-7577"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124800 for CVE-2019-7577",
          "url": "https://bugzilla.suse.com/1124800"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7577"
    },
    {
      "cve": "CVE-2019-7578",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7578"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7578",
          "url": "https://www.suse.com/security/cve/CVE-2019-7578"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1125099 for CVE-2019-7578",
          "url": "https://bugzilla.suse.com/1125099"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7578"
    },
    {
      "cve": "CVE-2019-7635",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7635"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7635",
          "url": "https://www.suse.com/security/cve/CVE-2019-7635"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124827 for CVE-2019-7635",
          "url": "https://bugzilla.suse.com/1124827"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7635"
    },
    {
      "cve": "CVE-2019-7636",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7636"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7636",
          "url": "https://www.suse.com/security/cve/CVE-2019-7636"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124826 for CVE-2019-7636",
          "url": "https://bugzilla.suse.com/1124826"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7636"
    },
    {
      "cve": "CVE-2019-7637",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7637"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7637",
          "url": "https://www.suse.com/security/cve/CVE-2019-7637"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124825 for CVE-2019-7637",
          "url": "https://bugzilla.suse.com/1124825"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1134135 for CVE-2019-7637",
          "url": "https://bugzilla.suse.com/1134135"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7637"
    },
    {
      "cve": "CVE-2019-7638",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7638"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7638",
          "url": "https://www.suse.com/security/cve/CVE-2019-7638"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124824 for CVE-2019-7638",
          "url": "https://bugzilla.suse.com/1124824"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7638"
    }
  ]
}

OPENSUSE-SU-2024:10606-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

libSDL-1_2-0-1.2.15-22.13 on GA media

Severity

Moderate

Notes

Title of the patch: libSDL-1_2-0-1.2.15-22.13 on GA media

Description of the patch: These are all security issues fixed in the libSDL-1_2-0-1.2.15-22.13 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-10606

CVE-2019-13616

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7572

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7573

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7574

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7575

5.3 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7577

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7578

5.1 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7635

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7636

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7637

5.3 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7638

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

References

36 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2019-13616/	self
https://www.suse.com/security/cve/CVE-2019-7572/	self
https://www.suse.com/security/cve/CVE-2019-7573/	self
https://www.suse.com/security/cve/CVE-2019-7574/	self
https://www.suse.com/security/cve/CVE-2019-7575/	self
https://www.suse.com/security/cve/CVE-2019-7577/	self
https://www.suse.com/security/cve/CVE-2019-7578/	self
https://www.suse.com/security/cve/CVE-2019-7635/	self
https://www.suse.com/security/cve/CVE-2019-7636/	self
https://www.suse.com/security/cve/CVE-2019-7637/	self
https://www.suse.com/security/cve/CVE-2019-7638/	self
https://www.suse.com/security/cve/CVE-2019-13616	external
https://bugzilla.suse.com/1141844	external
https://www.suse.com/security/cve/CVE-2019-7572	external
https://bugzilla.suse.com/1124806	external
https://www.suse.com/security/cve/CVE-2019-7573	external
https://bugzilla.suse.com/1124805	external
https://www.suse.com/security/cve/CVE-2019-7574	external
https://bugzilla.suse.com/1124803	external
https://www.suse.com/security/cve/CVE-2019-7575	external
https://bugzilla.suse.com/1124802	external
https://www.suse.com/security/cve/CVE-2019-7577	external
https://bugzilla.suse.com/1124800	external
https://www.suse.com/security/cve/CVE-2019-7578	external
https://bugzilla.suse.com/1125099	external
https://www.suse.com/security/cve/CVE-2019-7635	external
https://bugzilla.suse.com/1124827	external
https://www.suse.com/security/cve/CVE-2019-7636	external
https://bugzilla.suse.com/1124826	external
https://www.suse.com/security/cve/CVE-2019-7637	external
https://bugzilla.suse.com/1124825	external
https://bugzilla.suse.com/1134135	external
https://www.suse.com/security/cve/CVE-2019-7638	external
https://bugzilla.suse.com/1124824	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "libSDL-1_2-0-1.2.15-22.13 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the libSDL-1_2-0-1.2.15-22.13 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-10606",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10606-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-13616 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-13616/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7572 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7572/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7573 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7573/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7574 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7574/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7575 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7575/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7577 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7577/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7578 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7578/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7635 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7635/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7636 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7636/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7637 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7637/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7638 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7638/"
      }
    ],
    "title": "libSDL-1_2-0-1.2.15-22.13 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:10606-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-1.2.15-22.13.aarch64",
                "product": {
                  "name": "libSDL-1_2-0-1.2.15-22.13.aarch64",
                  "product_id": "libSDL-1_2-0-1.2.15-22.13.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
                "product": {
                  "name": "libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
                  "product_id": "libSDL-1_2-0-32bit-1.2.15-22.13.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-1.2.15-22.13.aarch64",
                "product": {
                  "name": "libSDL-devel-1.2.15-22.13.aarch64",
                  "product_id": "libSDL-devel-1.2.15-22.13.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-32bit-1.2.15-22.13.aarch64",
                "product": {
                  "name": "libSDL-devel-32bit-1.2.15-22.13.aarch64",
                  "product_id": "libSDL-devel-32bit-1.2.15-22.13.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-1.2.15-22.13.ppc64le",
                "product": {
                  "name": "libSDL-1_2-0-1.2.15-22.13.ppc64le",
                  "product_id": "libSDL-1_2-0-1.2.15-22.13.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
                "product": {
                  "name": "libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
                  "product_id": "libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-1.2.15-22.13.ppc64le",
                "product": {
                  "name": "libSDL-devel-1.2.15-22.13.ppc64le",
                  "product_id": "libSDL-devel-1.2.15-22.13.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-32bit-1.2.15-22.13.ppc64le",
                "product": {
                  "name": "libSDL-devel-32bit-1.2.15-22.13.ppc64le",
                  "product_id": "libSDL-devel-32bit-1.2.15-22.13.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-1.2.15-22.13.s390x",
                "product": {
                  "name": "libSDL-1_2-0-1.2.15-22.13.s390x",
                  "product_id": "libSDL-1_2-0-1.2.15-22.13.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
                "product": {
                  "name": "libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
                  "product_id": "libSDL-1_2-0-32bit-1.2.15-22.13.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-1.2.15-22.13.s390x",
                "product": {
                  "name": "libSDL-devel-1.2.15-22.13.s390x",
                  "product_id": "libSDL-devel-1.2.15-22.13.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-32bit-1.2.15-22.13.s390x",
                "product": {
                  "name": "libSDL-devel-32bit-1.2.15-22.13.s390x",
                  "product_id": "libSDL-devel-32bit-1.2.15-22.13.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-1.2.15-22.13.x86_64",
                "product": {
                  "name": "libSDL-1_2-0-1.2.15-22.13.x86_64",
                  "product_id": "libSDL-1_2-0-1.2.15-22.13.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
                "product": {
                  "name": "libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
                  "product_id": "libSDL-1_2-0-32bit-1.2.15-22.13.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-1.2.15-22.13.x86_64",
                "product": {
                  "name": "libSDL-devel-1.2.15-22.13.x86_64",
                  "product_id": "libSDL-devel-1.2.15-22.13.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-32bit-1.2.15-22.13.x86_64",
                "product": {
                  "name": "libSDL-devel-32bit-1.2.15-22.13.x86_64",
                  "product_id": "libSDL-devel-32bit-1.2.15-22.13.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-1.2.15-22.13.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64"
        },
        "product_reference": "libSDL-1_2-0-1.2.15-22.13.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-1.2.15-22.13.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le"
        },
        "product_reference": "libSDL-1_2-0-1.2.15-22.13.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-1.2.15-22.13.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x"
        },
        "product_reference": "libSDL-1_2-0-1.2.15-22.13.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-1.2.15-22.13.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64"
        },
        "product_reference": "libSDL-1_2-0-1.2.15-22.13.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-32bit-1.2.15-22.13.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64"
        },
        "product_reference": "libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le"
        },
        "product_reference": "libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-32bit-1.2.15-22.13.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x"
        },
        "product_reference": "libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-32bit-1.2.15-22.13.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64"
        },
        "product_reference": "libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-1.2.15-22.13.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64"
        },
        "product_reference": "libSDL-devel-1.2.15-22.13.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-1.2.15-22.13.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le"
        },
        "product_reference": "libSDL-devel-1.2.15-22.13.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-1.2.15-22.13.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x"
        },
        "product_reference": "libSDL-devel-1.2.15-22.13.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-1.2.15-22.13.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64"
        },
        "product_reference": "libSDL-devel-1.2.15-22.13.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-32bit-1.2.15-22.13.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64"
        },
        "product_reference": "libSDL-devel-32bit-1.2.15-22.13.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-32bit-1.2.15-22.13.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le"
        },
        "product_reference": "libSDL-devel-32bit-1.2.15-22.13.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-32bit-1.2.15-22.13.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x"
        },
        "product_reference": "libSDL-devel-32bit-1.2.15-22.13.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-32bit-1.2.15-22.13.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        },
        "product_reference": "libSDL-devel-32bit-1.2.15-22.13.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-13616",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-13616"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-13616",
          "url": "https://www.suse.com/security/cve/CVE-2019-13616"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141844 for CVE-2019-13616",
          "url": "https://bugzilla.suse.com/1141844"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-13616"
    },
    {
      "cve": "CVE-2019-7572",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7572"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7572",
          "url": "https://www.suse.com/security/cve/CVE-2019-7572"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124806 for CVE-2019-7572",
          "url": "https://bugzilla.suse.com/1124806"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7572"
    },
    {
      "cve": "CVE-2019-7573",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7573"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7573",
          "url": "https://www.suse.com/security/cve/CVE-2019-7573"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124805 for CVE-2019-7573",
          "url": "https://bugzilla.suse.com/1124805"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7573"
    },
    {
      "cve": "CVE-2019-7574",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7574"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7574",
          "url": "https://www.suse.com/security/cve/CVE-2019-7574"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124803 for CVE-2019-7574",
          "url": "https://bugzilla.suse.com/1124803"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7574"
    },
    {
      "cve": "CVE-2019-7575",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7575"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7575",
          "url": "https://www.suse.com/security/cve/CVE-2019-7575"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124802 for CVE-2019-7575",
          "url": "https://bugzilla.suse.com/1124802"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7575"
    },
    {
      "cve": "CVE-2019-7577",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7577"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7577",
          "url": "https://www.suse.com/security/cve/CVE-2019-7577"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124800 for CVE-2019-7577",
          "url": "https://bugzilla.suse.com/1124800"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7577"
    },
    {
      "cve": "CVE-2019-7578",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7578"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7578",
          "url": "https://www.suse.com/security/cve/CVE-2019-7578"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1125099 for CVE-2019-7578",
          "url": "https://bugzilla.suse.com/1125099"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7578"
    },
    {
      "cve": "CVE-2019-7635",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7635"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7635",
          "url": "https://www.suse.com/security/cve/CVE-2019-7635"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124827 for CVE-2019-7635",
          "url": "https://bugzilla.suse.com/1124827"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7635"
    },
    {
      "cve": "CVE-2019-7636",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7636"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7636",
          "url": "https://www.suse.com/security/cve/CVE-2019-7636"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124826 for CVE-2019-7636",
          "url": "https://bugzilla.suse.com/1124826"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7636"
    },
    {
      "cve": "CVE-2019-7637",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7637"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7637",
          "url": "https://www.suse.com/security/cve/CVE-2019-7637"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124825 for CVE-2019-7637",
          "url": "https://bugzilla.suse.com/1124825"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1134135 for CVE-2019-7637",
          "url": "https://bugzilla.suse.com/1134135"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7637"
    },
    {
      "cve": "CVE-2019-7638",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7638"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7638",
          "url": "https://www.suse.com/security/cve/CVE-2019-7638"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124824 for CVE-2019-7638",
          "url": "https://bugzilla.suse.com/1124824"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7638"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-7573 (GCVE-0-2019-7573)

Solution

Tags

Sightings

Nomenclature