Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-7635 (GCVE-0-2019-7635)
Vulnerability from cvelistv5 – Published: 2019-02-08 00:00 – Updated: 2024-08-04 20:54
VLAI
EPSS
Summary
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.
Severity
8.1 (High)
CWE
- n/a
Assigner
References
23 references
Date Public
2019-02-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:54:28.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1714-1] libsdl2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4498"
},
{
"name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1713-1] libsdl1.2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
},
{
"name": "openSUSE-SU-2019:1213",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"
},
{
"name": "openSUSE-SU-2019:1223",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"
},
{
"name": "openSUSE-SU-2019:1261",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"
},
{
"name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1861-1] libsdl2-image security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html"
},
{
"name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
},
{
"name": "openSUSE-SU-2019:2071",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html"
},
{
"name": "GLSA-201909-07",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201909-07"
},
{
"name": "openSUSE-SU-2019:2109",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html"
},
{
"name": "USN-4143-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4143-1/"
},
{
"name": "USN-4156-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4156-1/"
},
{
"name": "USN-4156-2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4156-2/"
},
{
"name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1714-2] libsdl2 regression update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"
},
{
"name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1713-2] libsdl1.2 regression update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"
},
{
"name": "USN-4238-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4238-1/"
},
{
"name": "FEDORA-2020-24652fe41c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
},
{
"name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
},
{
"name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
},
{
"name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
},
{
"name": "GLSA-202305-17",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1714-1] libsdl2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
},
{
"url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4498"
},
{
"name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1713-1] libsdl1.2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
},
{
"url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
},
{
"name": "openSUSE-SU-2019:1213",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"
},
{
"name": "openSUSE-SU-2019:1223",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"
},
{
"name": "openSUSE-SU-2019:1261",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"
},
{
"name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1861-1] libsdl2-image security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html"
},
{
"name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
},
{
"name": "openSUSE-SU-2019:2071",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html"
},
{
"name": "GLSA-201909-07",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201909-07"
},
{
"name": "openSUSE-SU-2019:2109",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html"
},
{
"name": "USN-4143-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4143-1/"
},
{
"name": "USN-4156-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4156-1/"
},
{
"name": "USN-4156-2",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4156-2/"
},
{
"name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1714-2] libsdl2 regression update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"
},
{
"name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1713-2] libsdl1.2 regression update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"
},
{
"name": "USN-4238-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4238-1/"
},
{
"name": "FEDORA-2020-24652fe41c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
},
{
"name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
},
{
"name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
},
{
"name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
},
{
"name": "GLSA-202305-17",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-17"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7635",
"datePublished": "2019-02-08T00:00:00.000Z",
"dateReserved": "2019-02-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:54:28.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-7635",
"date": "2026-06-05",
"epss": "0.02151",
"percentile": "0.84589"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-7635\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-02-08T11:29:00.233\",\"lastModified\":\"2024-11-21T04:48:26.123\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.\"},{\"lang\":\"es\",\"value\":\"SDL (Simple DirectMedia Layer), hasta la versi\u00f3n 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene una sobrelectura de b\u00fafer basada en memoria din\u00e1mica (heap) en Blit1to4 en video/SDL_blit_1.c.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:P\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.2.15\",\"matchCriteriaId\":\"1987484C-BB76-4554-B040-1A8D2C90F0AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndIncluding\":\"2.0.9\",\"matchCriteriaId\":\"85C1FFE9-9495-4484-9D25-590ECE49482B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"40513095-7E6E-46B3-B604-C926F1BA3568\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"CB66DB75-2B16-4EBF-9B93-CE49D8086E41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"815D70A8-47D3-459C-A32C-9FEACA0659D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD783B0C-9246-47D9-A937-6144FE8BFF0F\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.libsdl.org/show_bug.cgi?id=4498\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/201909-07\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202305-17\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4143-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4156-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4156-2/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4238-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.libsdl.org/show_bug.cgi?id=4498\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201909-07\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202305-17\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4143-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4156-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4156-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4238-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
Title
Уязвимость функции Blit1to4 библиотеки Simple DirectMedia Layer, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Description
Уязвимость функции Blit1to4 (video/SDL_blit_1.c.) библиотеки Simple DirectMedia Layer связана с переполнением буфера на основе кучи. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Severity
Vendor
Canonical Ltd., ООО «РусБИТех-Астра», Novell Inc., Сообщество свободного программного обеспечения, Fedora Project, АО "НППКТ", АО «Концерн ВНИИНС»
Software Name
Ubuntu, Astra Linux Special Edition (запись в едином реестре российских программ №369), OpenSUSE Leap, Suse Linux Enterprise Desktop, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise Software Development Kit, Suse Linux Enterprise Server, SDL, Astra Linux Common Edition (запись в едином реестре российских программ №4433), SUSE Linux Enterprise Module for Desktop Applications, SUSE Linux Enterprise Point of Sale, Debian GNU/Linux, Fedora, SUSE Linux Enterprise High Performance Computing, Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)
Software Version
16.04 LTS (Ubuntu), 1.5 «Смоленск» (Astra Linux Special Edition), 42.3 (OpenSUSE Leap), 18.04 LTS (Ubuntu), 1.6 «Смоленск» (Astra Linux Special Edition), 12 SP3 (Suse Linux Enterprise Desktop), 12 SP4 (Suse Linux Enterprise Desktop), 12 SP3 (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Software Development Kit), 12 SP4 (SUSE Linux Enterprise Software Development Kit), 12 SP3 (Suse Linux Enterprise Server), 12 SP4 (Suse Linux Enterprise Server), 11 SP4 (Suse Linux Enterprise Server), 11 SP4 (SUSE Linux Enterprise Software Development Kit), 12.04 ESM (Ubuntu), 19.04 (Ubuntu), до 1.2.15 включительно (SDL), от 2.0.0 до 2.0.9 включительно (SDL), 2.12 «Орёл» (Astra Linux Common Edition), 15.0 (OpenSUSE Leap), 15 (SUSE Linux Enterprise Module for Desktop Applications), 15 SP1 (SUSE Linux Enterprise Module for Desktop Applications), 11 SP3 (SUSE Linux Enterprise Point of Sale), 11 SP4 (SUSE Linux Enterprise Server for SAP Applications), 15.1 (OpenSUSE Leap), 14.04 ESM (Ubuntu), 12 SP5 (Suse Linux Enterprise Server), 12 SP5 (SUSE Linux Enterprise Software Development Kit), 8 (Debian GNU/Linux), 31 (Fedora), 12 SP5 (SUSE Linux Enterprise High Performance Computing), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), до 2.1 (ОСОН ОСнова Оnyx), до 2.5 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)
Possible Mitigations
Использование рекомендаций:
Для Simple DirectMedia Layer:
Обновление библиотеки Simple DirectMedia Layer до актуальной версии
Для Astralinux:
Использование рекомендаций в Бюллетене № 20190329SE15: https://wiki.astralinux.ru/pages/viewpage.action?pageId=1212483
Использование рекомендаций производителя:
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16
https://wiki.astralinux.ru/pages/viewpage.action?pageId=47416144
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81
Для Ubuntu:
https://usn.ubuntu.com/4143-1/
https://usn.ubuntu.com/4156-1/
https://usn.ubuntu.com/4156-2/
https://usn.ubuntu.com/4238-1/
Для Debian GNU/Linux:
https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html
https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html
https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html
https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html
https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html
Для программных продуктов Novell Inc.:
https://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html
https://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html
https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html
https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html
https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html
Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/
Для ОСОН Основа:
Обновление программного обеспечения libsdl1.2 до версии 1.2.15+dfsg2-6.osnova1
Для ОСОН Основа:
Обновление программного обеспечения libsdl2 до версии 2.0.14+dfsg2-3
Для Astra Linux Special Edition 1.7: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1110SE17
Для Astra Linux Special Edition 4.7: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-1121SE47
Для ОС ОН «Стрелец»:
Обновление программного обеспечения libsdl2 до версии 2.0.5+dfsg1-2+deb9u2
Обновление программного обеспечения sdl-image1.2 до версии 1.2.12-5+deb9u2
Обновление программного обеспечения libsdl1.2 до версии 1.2.15+dfsg2-6.osnova1
Reference
https://bugzilla.libsdl.org/show_bug.cgi?id=4498
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720
https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html
https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html
https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html
https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/
https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html
https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html
https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html
https://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html
https://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html
https://nvd.nist.gov/vuln/detail/CVE-2019-7635
https://security-tracker.debian.org/tracker/CVE-2019-7635
https://usn.ubuntu.com/4143-1/
https://usn.ubuntu.com/4156-1/
https://usn.ubuntu.com/4156-2/
https://usn.ubuntu.com/4238-1/
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16
https://wiki.astralinux.ru/pages/viewpage.action?pageId=1212483
https://www.suse.com/support/update/announcement/2019/suse-su-201913998-1/
https://wiki.astralinux.ru/pages/viewpage.action?pageId=47416144
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.1/
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.5/
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1110SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-1121SE47
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
CWE
CWE-125
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"CVSS 3.0": null,
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Fedora Project, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "16.04 LTS (Ubuntu), 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 42.3 (OpenSUSE Leap), 18.04 LTS (Ubuntu), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 12 SP3 (Suse Linux Enterprise Desktop), 12 SP4 (Suse Linux Enterprise Desktop), 12 SP3 (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Software Development Kit), 12 SP4 (SUSE Linux Enterprise Software Development Kit), 12 SP3 (Suse Linux Enterprise Server), 12 SP4 (Suse Linux Enterprise Server), 11 SP4 (Suse Linux Enterprise Server), 11 SP4 (SUSE Linux Enterprise Software Development Kit), 12.04 ESM (Ubuntu), 19.04 (Ubuntu), \u0434\u043e 1.2.15 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (SDL), \u043e\u0442 2.0.0 \u0434\u043e 2.0.9 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (SDL), 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb (Astra Linux Common Edition), 15.0 (OpenSUSE Leap), 15 (SUSE Linux Enterprise Module for Desktop Applications), 15 SP1 (SUSE Linux Enterprise Module for Desktop Applications), 11 SP3 (SUSE Linux Enterprise Point of Sale), 11 SP4 (SUSE Linux Enterprise Server for SAP Applications), 15.1 (OpenSUSE Leap), 14.04 ESM (Ubuntu), 12 SP5 (Suse Linux Enterprise Server), 12 SP5 (SUSE Linux Enterprise Software Development Kit), 8 (Debian GNU/Linux), 31 (Fedora), 12 SP5 (SUSE Linux Enterprise High Performance Computing), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.1 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 2.5 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Simple DirectMedia Layer:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Simple DirectMedia Layer \u0434\u043e \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Astralinux:\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u0432 \u0411\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u0435 \u2116 20190329SE15: https://wiki.astralinux.ru/pages/viewpage.action?pageId=1212483\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=47416144\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\n\n\u0414\u043b\u044f Ubuntu:\nhttps://usn.ubuntu.com/4143-1/ \nhttps://usn.ubuntu.com/4156-1/ \nhttps://usn.ubuntu.com/4156-2/ \nhttps://usn.ubuntu.com/4238-1/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://lists.debian.org/debian-lts-announce/2019/10/msg00021.html\nhttps://lists.debian.org/debian-lts-announce/2019/10/msg00020.html\nhttps://lists.debian.org/debian-lts-announce/2019/07/msg00026.html\nhttps://lists.debian.org/debian-lts-announce/2019/07/msg00021.html\nhttps://lists.debian.org/debian-lts-announce/2019/03/msg00016.html\nhttps://lists.debian.org/debian-lts-announce/2019/03/msg00015.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html\nhttps://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html\nhttps://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html\nhttps://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html\nhttps://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libsdl1.2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.2.15+dfsg2-6.osnova1\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libsdl2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.0.14+dfsg2-3\n\n\u0414\u043b\u044f Astra Linux Special Edition 1.7: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1110SE17\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-1121SE47\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libsdl2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.0.5+dfsg1-2+deb9u2\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f sdl-image1.2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.2.12-5+deb9u2\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libsdl1.2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.2.15+dfsg2-6.osnova1",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "14.03.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "16.10.2020",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-04717",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-7635",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), OpenSUSE Leap, Suse Linux Enterprise Desktop, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise Software Development Kit, Suse Linux Enterprise Server, SDL, Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), SUSE Linux Enterprise Module for Desktop Applications, SUSE Linux Enterprise Point of Sale, Debian GNU/Linux, Fedora, SUSE Linux Enterprise High Performance Computing, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 16.04 LTS 32-bit, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb 64-bit (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Canonical Ltd. Ubuntu 16.04 LTS , Novell Inc. OpenSUSE Leap 42.3 , Canonical Ltd. Ubuntu 18.04 LTS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. Suse Linux Enterprise Desktop 12 SP3 , Novell Inc. Suse Linux Enterprise Desktop 12 SP4 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4 , Novell Inc. Suse Linux Enterprise Server 12 SP3 , Novell Inc. Suse Linux Enterprise Server 12 SP4 , Novell Inc. Suse Linux Enterprise Server 11 SP4 , Canonical Ltd. Ubuntu 12.04 ESM , Canonical Ltd. Ubuntu 19.04 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Novell Inc. OpenSUSE Leap 15.0 32-bit, Novell Inc. OpenSUSE Leap 15.0 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 11 SP4 , Novell Inc. OpenSUSE Leap 15.1 , Canonical Ltd. Ubuntu 14.04 ESM , Novell Inc. Suse Linux Enterprise Server 12 SP5 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , Fedora Project Fedora 31 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 Blit1to4 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Simple DirectMedia Layer, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 Blit1to4 (video/SDL_blit_1.c.) \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Simple DirectMedia Layer \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u043a\u0443\u0447\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://bugzilla.libsdl.org/show_bug.cgi?id=4498\nhttps://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720\nhttps://lists.debian.org/debian-lts-announce/2019/03/msg00015.html\nhttps://lists.debian.org/debian-lts-announce/2019/03/msg00016.html\nhttps://lists.debian.org/debian-lts-announce/2019/07/msg00021.html\nhttps://lists.debian.org/debian-lts-announce/2019/07/msg00026.html\nhttps://lists.debian.org/debian-lts-announce/2019/10/msg00020.html\nhttps://lists.debian.org/debian-lts-announce/2019/10/msg00021.html\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/\nhttps://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html\nhttps://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html\nhttps://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html\nhttps://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html\nhttps://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7635\nhttps://security-tracker.debian.org/tracker/CVE-2019-7635\nhttps://usn.ubuntu.com/4143-1/\nhttps://usn.ubuntu.com/4156-1/\nhttps://usn.ubuntu.com/4156-2/\nhttps://usn.ubuntu.com/4238-1/\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=1212483\nhttps://www.suse.com/support/update/announcement/2019/suse-su-201913998-1/\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=47416144\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.1/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.5/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1110SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-1121SE47\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,8)"
}
CERTFR-2022-AVI-267
Vulnerability from certfr_avis - Published: 2022-03-23 - Updated: 2022-03-23
De multiples vulnérabilités ont été découvertes dans Juniper Networks Junos Space. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos Space | Juniper Networks Junos Space versions antérieures à 21.1R1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper Networks Junos Space versions ant\u00e9rieures \u00e0 21.1R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-13078",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13078"
},
{
"name": "CVE-2017-13077",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13077"
},
{
"name": "CVE-2017-13080",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13080"
},
{
"name": "CVE-2017-13082",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13082"
},
{
"name": "CVE-2017-13088",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13088"
},
{
"name": "CVE-2017-13086",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13086"
},
{
"name": "CVE-2017-13087",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13087"
},
{
"name": "CVE-2017-5715",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5715"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2007-1351",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1351"
},
{
"name": "CVE-2007-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1352"
},
{
"name": "CVE-2007-6284",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6284"
},
{
"name": "CVE-2008-2935",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2935"
},
{
"name": "CVE-2008-3281",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3281"
},
{
"name": "CVE-2008-3529",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3529"
},
{
"name": "CVE-2008-4226",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4226"
},
{
"name": "CVE-2008-4225",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4225"
},
{
"name": "CVE-2009-2414",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
},
{
"name": "CVE-2009-2416",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
},
{
"name": "CVE-2008-5161",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
},
{
"name": "CVE-2010-4008",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
},
{
"name": "CVE-2011-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
},
{
"name": "CVE-2011-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1720"
},
{
"name": "CVE-2011-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
},
{
"name": "CVE-2011-2834",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
},
{
"name": "CVE-2011-2895",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2895"
},
{
"name": "CVE-2011-3905",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3905"
},
{
"name": "CVE-2011-3919",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3919"
},
{
"name": "CVE-2012-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
},
{
"name": "CVE-2011-1944",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
},
{
"name": "CVE-2012-2807",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2807"
},
{
"name": "CVE-2012-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
},
{
"name": "CVE-2012-5134",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5134"
},
{
"name": "CVE-2011-3102",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
},
{
"name": "CVE-2013-2877",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2877"
},
{
"name": "CVE-2013-0338",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0338"
},
{
"name": "CVE-2012-6139",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
},
{
"name": "CVE-2013-2566",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2566"
},
{
"name": "CVE-2013-6462",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6462"
},
{
"name": "CVE-2014-0211",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0211"
},
{
"name": "CVE-2014-3660",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3660"
},
{
"name": "CVE-2015-1803",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1803"
},
{
"name": "CVE-2015-1804",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1804"
},
{
"name": "CVE-2015-1802",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1802"
},
{
"name": "CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"name": "CVE-2015-5352",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5352"
},
{
"name": "CVE-2015-2808",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2808"
},
{
"name": "CVE-2014-8991",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8991"
},
{
"name": "CVE-2014-7185",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7185"
},
{
"name": "CVE-2014-9365",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9365"
},
{
"name": "CVE-2015-6838",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6838"
},
{
"name": "CVE-2015-6837",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6837"
},
{
"name": "CVE-2015-7995",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
},
{
"name": "CVE-2015-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
},
{
"name": "CVE-2015-7499",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7499"
},
{
"name": "CVE-2015-8242",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8242"
},
{
"name": "CVE-2015-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7500"
},
{
"name": "CVE-2016-1762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
},
{
"name": "CVE-2015-5312",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5312"
},
{
"name": "CVE-2016-1839",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
},
{
"name": "CVE-2016-1833",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1833"
},
{
"name": "CVE-2016-1837",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1837"
},
{
"name": "CVE-2016-1834",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1834"
},
{
"name": "CVE-2016-1840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1840"
},
{
"name": "CVE-2016-1836",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
},
{
"name": "CVE-2016-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1838"
},
{
"name": "CVE-2016-1684",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
},
{
"name": "CVE-2016-1683",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1683"
},
{
"name": "CVE-2016-4448",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
},
{
"name": "CVE-2016-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
},
{
"name": "CVE-2016-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
},
{
"name": "CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"name": "CVE-2015-0975",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0975"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"name": "CVE-2016-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
},
{
"name": "CVE-2016-3115",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3115"
},
{
"name": "CVE-2016-5636",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5636"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2017-7376",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7376"
},
{
"name": "CVE-2017-7773",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7773"
},
{
"name": "CVE-2017-7772",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7772"
},
{
"name": "CVE-2017-7778",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7778"
},
{
"name": "CVE-2017-7771",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7771"
},
{
"name": "CVE-2017-7774",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7774"
},
{
"name": "CVE-2017-7776",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7776"
},
{
"name": "CVE-2017-7777",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7777"
},
{
"name": "CVE-2017-7775",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7775"
},
{
"name": "CVE-2017-6463",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6463"
},
{
"name": "CVE-2017-6462",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6462"
},
{
"name": "CVE-2017-6464",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6464"
},
{
"name": "CVE-2017-14492",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14492"
},
{
"name": "CVE-2017-14496",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14496"
},
{
"name": "CVE-2017-14491",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14491"
},
{
"name": "CVE-2017-14493",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14493"
},
{
"name": "CVE-2017-14494",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14494"
},
{
"name": "CVE-2017-14495",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14495"
},
{
"name": "CVE-2017-5130",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5130"
},
{
"name": "CVE-2017-3736",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3736"
},
{
"name": "CVE-2017-3735",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
},
{
"name": "CVE-2017-15412",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15412"
},
{
"name": "CVE-2017-3738",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3738"
},
{
"name": "CVE-2017-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3737"
},
{
"name": "CVE-2017-17807",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17807"
},
{
"name": "CVE-2018-0739",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
},
{
"name": "CVE-2017-16931",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
},
{
"name": "CVE-2018-11214",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11214"
},
{
"name": "CVE-2015-9019",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9019"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2017-16932",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
},
{
"name": "CVE-2016-9318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
},
{
"name": "CVE-2018-1000120",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000120"
},
{
"name": "CVE-2018-1000007",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000007"
},
{
"name": "CVE-2018-1000121",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000121"
},
{
"name": "CVE-2018-1000122",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000122"
},
{
"name": "CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"name": "CVE-2018-6914",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6914"
},
{
"name": "CVE-2017-0898",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0898"
},
{
"name": "CVE-2018-8778",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8778"
},
{
"name": "CVE-2017-14033",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14033"
},
{
"name": "CVE-2018-8780",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8780"
},
{
"name": "CVE-2017-17742",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17742"
},
{
"name": "CVE-2017-10784",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10784"
},
{
"name": "CVE-2017-17405",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17405"
},
{
"name": "CVE-2018-8779",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8779"
},
{
"name": "CVE-2017-14064",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14064"
},
{
"name": "CVE-2018-8777",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8777"
},
{
"name": "CVE-2018-16395",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16395"
},
{
"name": "CVE-2018-0737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
},
{
"name": "CVE-2018-16396",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16396"
},
{
"name": "CVE-2018-0495",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0495"
},
{
"name": "CVE-2018-0734",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
},
{
"name": "CVE-2018-5407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
},
{
"name": "CVE-2018-1126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1126"
},
{
"name": "CVE-2018-7858",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7858"
},
{
"name": "CVE-2018-1124",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1124"
},
{
"name": "CVE-2018-10897",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10897"
},
{
"name": "CVE-2018-1064",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1064"
},
{
"name": "CVE-2018-5683",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5683"
},
{
"name": "CVE-2017-13672",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13672"
},
{
"name": "CVE-2018-11212",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11212"
},
{
"name": "CVE-2017-18267",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18267"
},
{
"name": "CVE-2018-13988",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13988"
},
{
"name": "CVE-2018-20169",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20169"
},
{
"name": "CVE-2018-19985",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19985"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2019-6133",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6133"
},
{
"name": "CVE-2018-18311",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18311"
},
{
"name": "CVE-2018-12127",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
},
{
"name": "CVE-2018-12130",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
},
{
"name": "CVE-2019-11091",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
},
{
"name": "CVE-2018-12126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
},
{
"name": "CVE-2019-9503",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9503"
},
{
"name": "CVE-2019-10132",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10132"
},
{
"name": "CVE-2019-11190",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11190"
},
{
"name": "CVE-2019-11884",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11884"
},
{
"name": "CVE-2019-11487",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11487"
},
{
"name": "CVE-2019-12382",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12382"
},
{
"name": "CVE-2018-7191",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7191"
},
{
"name": "CVE-2019-5953",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5953"
},
{
"name": "CVE-2019-12614",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12614"
},
{
"name": "CVE-2019-11729",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11729"
},
{
"name": "CVE-2019-11727",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
},
{
"name": "CVE-2019-11719",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
},
{
"name": "CVE-2018-1060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1060"
},
{
"name": "CVE-2018-12327",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12327"
},
{
"name": "CVE-2018-1061",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1061"
},
{
"name": "CVE-2019-10639",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10639"
},
{
"name": "CVE-2019-10638",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10638"
},
{
"name": "CVE-2018-20836",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20836"
},
{
"name": "CVE-2019-13233",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13233"
},
{
"name": "CVE-2019-14283",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14283"
},
{
"name": "CVE-2019-13648",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13648"
},
{
"name": "CVE-2019-10207",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10207"
},
{
"name": "CVE-2015-9289",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9289"
},
{
"name": "CVE-2019-14816",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14816"
},
{
"name": "CVE-2019-15239",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15239"
},
{
"name": "CVE-2019-15917",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15917"
},
{
"name": "CVE-2017-18551",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18551"
},
{
"name": "CVE-2019-15217",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15217"
},
{
"name": "CVE-2019-14821",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14821"
},
{
"name": "CVE-2019-11068",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11068"
},
{
"name": "CVE-2018-18066",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18066"
},
{
"name": "CVE-2019-15903",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15903"
},
{
"name": "CVE-2019-17666",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17666"
},
{
"name": "CVE-2019-17133",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17133"
},
{
"name": "CVE-2018-12207",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12207"
},
{
"name": "CVE-2019-11135",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11135"
},
{
"name": "CVE-2019-0154",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0154"
},
{
"name": "CVE-2019-17055",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17055"
},
{
"name": "CVE-2019-17053",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17053"
},
{
"name": "CVE-2019-16746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
},
{
"name": "CVE-2019-0155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0155"
},
{
"name": "CVE-2019-16233",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16233"
},
{
"name": "CVE-2019-15807",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15807"
},
{
"name": "CVE-2019-16231",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16231"
},
{
"name": "CVE-2019-11756",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
},
{
"name": "CVE-2019-11745",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
},
{
"name": "CVE-2019-19058",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19058"
},
{
"name": "CVE-2019-14895",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14895"
},
{
"name": "CVE-2019-19046",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19046"
},
{
"name": "CVE-2019-15916",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15916"
},
{
"name": "CVE-2019-18660",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18660"
},
{
"name": "CVE-2019-19063",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19063"
},
{
"name": "CVE-2019-19062",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19062"
},
{
"name": "CVE-2018-14526",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14526"
},
{
"name": "CVE-2019-13734",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13734"
},
{
"name": "CVE-2019-19530",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19530"
},
{
"name": "CVE-2019-19534",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19534"
},
{
"name": "CVE-2019-19524",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19524"
},
{
"name": "CVE-2019-14901",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14901"
},
{
"name": "CVE-2019-19537",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19537"
},
{
"name": "CVE-2019-19523",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19523"
},
{
"name": "CVE-2019-19338",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19338"
},
{
"name": "CVE-2019-19332",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19332"
},
{
"name": "CVE-2019-19527",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19527"
},
{
"name": "CVE-2019-18808",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18808"
},
{
"name": "CVE-2019-19767",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19767"
},
{
"name": "CVE-2019-19807",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19807"
},
{
"name": "CVE-2019-19055",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19055"
},
{
"name": "CVE-2019-17023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
},
{
"name": "CVE-2019-9824",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9824"
},
{
"name": "CVE-2019-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
},
{
"name": "CVE-2019-12749",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12749"
},
{
"name": "CVE-2019-19447",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19447"
},
{
"name": "CVE-2019-20095",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20095"
},
{
"name": "CVE-2019-20054",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20054"
},
{
"name": "CVE-2019-18634",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18634"
},
{
"name": "CVE-2019-14898",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14898"
},
{
"name": "CVE-2019-16994",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16994"
},
{
"name": "CVE-2019-18282",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18282"
},
{
"name": "CVE-2020-2732",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2732"
},
{
"name": "CVE-2019-19059",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19059"
},
{
"name": "CVE-2019-3901",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3901"
},
{
"name": "CVE-2020-9383",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9383"
},
{
"name": "CVE-2020-8647",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8647"
},
{
"name": "CVE-2020-8649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8649"
},
{
"name": "CVE-2020-1749",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1749"
},
{
"name": "CVE-2019-9458",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9458"
},
{
"name": "CVE-2020-10942",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10942"
},
{
"name": "CVE-2019-9454",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9454"
},
{
"name": "CVE-2020-11565",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11565"
},
{
"name": "CVE-2020-10690",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10690"
},
{
"name": "CVE-2020-10751",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10751"
},
{
"name": "CVE-2020-12826",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12826"
},
{
"name": "CVE-2020-12654",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12654"
},
{
"name": "CVE-2020-10732",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10732"
},
{
"name": "CVE-2019-20636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20636"
},
{
"name": "CVE-2019-20811",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20811"
},
{
"name": "CVE-2020-12653",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12653"
},
{
"name": "CVE-2020-10757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10757"
},
{
"name": "CVE-2020-12770",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12770"
},
{
"name": "CVE-2020-12888",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12888"
},
{
"name": "CVE-2020-12402",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12402"
},
{
"name": "CVE-2018-16881",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16881"
},
{
"name": "CVE-2018-19519",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19519"
},
{
"name": "CVE-2020-10713",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10713"
},
{
"name": "CVE-2020-14311",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14311"
},
{
"name": "CVE-2020-14309",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14309"
},
{
"name": "CVE-2020-15706",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15706"
},
{
"name": "CVE-2020-14308",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14308"
},
{
"name": "CVE-2020-14310",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14310"
},
{
"name": "CVE-2020-15705",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15705"
},
{
"name": "CVE-2020-15707",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15707"
},
{
"name": "CVE-2020-14331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14331"
},
{
"name": "CVE-2020-10769",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10769"
},
{
"name": "CVE-2020-14364",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14364"
},
{
"name": "CVE-2020-12400",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
},
{
"name": "CVE-2020-12401",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
},
{
"name": "CVE-2020-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
},
{
"name": "CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"name": "CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"name": "CVE-2020-25212",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25212"
},
{
"name": "CVE-2020-14305",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14305"
},
{
"name": "CVE-2020-10742",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10742"
},
{
"name": "CVE-2020-14385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14385"
},
{
"name": "CVE-2020-25643",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25643"
},
{
"name": "CVE-2020-15999",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15999"
},
{
"name": "CVE-2018-20843",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20843"
},
{
"name": "CVE-2018-5729",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5729"
},
{
"name": "CVE-2018-5730",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5730"
},
{
"name": "CVE-2020-13817",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13817"
},
{
"name": "CVE-2020-11868",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11868"
},
{
"name": "CVE-2021-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
},
{
"name": "CVE-2019-17006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
},
{
"name": "CVE-2019-13232",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13232"
},
{
"name": "CVE-2020-10531",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10531"
},
{
"name": "CVE-2019-8696",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8696"
},
{
"name": "CVE-2019-20907",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20907"
},
{
"name": "CVE-2019-8675",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8675"
},
{
"name": "CVE-2017-12652",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12652"
},
{
"name": "CVE-2019-12450",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12450"
},
{
"name": "CVE-2020-12825",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12825"
},
{
"name": "CVE-2020-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12243"
},
{
"name": "CVE-2019-14866",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14866"
},
{
"name": "CVE-2020-1983",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1983"
},
{
"name": "CVE-2019-5188",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5188"
},
{
"name": "CVE-2019-5094",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5094"
},
{
"name": "CVE-2020-10754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10754"
},
{
"name": "CVE-2020-12049",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12049"
},
{
"name": "CVE-2019-14822",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14822"
},
{
"name": "CVE-2020-14363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14363"
},
{
"name": "CVE-2019-9924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9924"
},
{
"name": "CVE-2018-18751",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18751"
},
{
"name": "CVE-2019-9948",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9948"
},
{
"name": "CVE-2019-20386",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20386"
},
{
"name": "CVE-2017-13722",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13722"
},
{
"name": "CVE-2014-0210",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0210"
},
{
"name": "CVE-2018-16403",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16403"
},
{
"name": "CVE-2018-15746",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15746"
},
{
"name": "CVE-2014-6272",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6272"
},
{
"name": "CVE-2019-7638",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7638"
},
{
"name": "CVE-2015-8241",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8241"
},
{
"name": "CVE-2019-10155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10155"
},
{
"name": "CVE-2018-11813",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11813"
},
{
"name": "CVE-2018-18310",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18310"
},
{
"name": "CVE-2018-1084",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1084"
},
{
"name": "CVE-2020-12662",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12662"
},
{
"name": "CVE-2012-4423",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4423"
},
{
"name": "CVE-2017-0902",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0902"
},
{
"name": "CVE-2018-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8945"
},
{
"name": "CVE-2017-0899",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0899"
},
{
"name": "CVE-2010-2239",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2239"
},
{
"name": "CVE-2010-2242",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2242"
},
{
"name": "CVE-2017-14167",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14167"
},
{
"name": "CVE-2015-0225",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0225"
},
{
"name": "CVE-2019-11324",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11324"
},
{
"name": "CVE-2013-6458",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6458"
},
{
"name": "CVE-2018-1000075",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000075"
},
{
"name": "CVE-2018-15857",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15857"
},
{
"name": "CVE-2018-16062",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16062"
},
{
"name": "CVE-2018-10534",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10534"
},
{
"name": "CVE-2014-0179",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0179"
},
{
"name": "CVE-2018-18384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18384"
},
{
"name": "CVE-2013-1766",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1766"
},
{
"name": "CVE-2016-6580",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6580"
},
{
"name": "CVE-2018-12697",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12697"
},
{
"name": "CVE-2018-1000301",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000301"
},
{
"name": "CVE-2019-11236",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11236"
},
{
"name": "CVE-2019-12155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12155"
},
{
"name": "CVE-2017-0900",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0900"
},
{
"name": "CVE-2014-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3598"
},
{
"name": "CVE-2017-1000050",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000050"
},
{
"name": "CVE-2018-10535",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10535"
},
{
"name": "CVE-2019-3820",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3820"
},
{
"name": "CVE-2018-16402",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16402"
},
{
"name": "CVE-2018-1116",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1116"
},
{
"name": "CVE-2018-15853",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15853"
},
{
"name": "CVE-2019-14378",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14378"
},
{
"name": "CVE-2016-1494",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1494"
},
{
"name": "CVE-2019-12312",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12312"
},
{
"name": "CVE-2013-0339",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0339"
},
{
"name": "CVE-2019-16935",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16935"
},
{
"name": "CVE-2015-6525",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6525"
},
{
"name": "CVE-2016-6581",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6581"
},
{
"name": "CVE-2013-4520",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4520"
},
{
"name": "CVE-2014-3633",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3633"
},
{
"name": "CVE-2014-3004",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3004"
},
{
"name": "CVE-2015-9381",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9381"
},
{
"name": "CVE-2016-5361",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5361"
},
{
"name": "CVE-2018-14598",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14598"
},
{
"name": "CVE-2014-1447",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1447"
},
{
"name": "CVE-2018-20852",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20852"
},
{
"name": "CVE-2012-2693",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2693"
},
{
"name": "CVE-2018-7208",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7208"
},
{
"name": "CVE-2018-12910",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12910"
},
{
"name": "CVE-2019-8325",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8325"
},
{
"name": "CVE-2015-7497",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7497"
},
{
"name": "CVE-2019-7665",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7665"
},
{
"name": "CVE-2018-15854",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15854"
},
{
"name": "CVE-2019-13404",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13404"
},
{
"name": "CVE-2015-5160",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5160"
},
{
"name": "CVE-2018-10767",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10767"
},
{
"name": "CVE-2018-7550",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7550"
},
{
"name": "CVE-2016-3076",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3076"
},
{
"name": "CVE-2018-14404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14404"
},
{
"name": "CVE-2018-18521",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18521"
},
{
"name": "CVE-2018-19788",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19788"
},
{
"name": "CVE-2019-8322",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8322"
},
{
"name": "CVE-2019-3840",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3840"
},
{
"name": "CVE-2016-9189",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9189"
},
{
"name": "CVE-2015-9262",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9262"
},
{
"name": "CVE-2018-14647",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14647"
},
{
"name": "CVE-2019-17041",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17041"
},
{
"name": "CVE-2019-14906",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14906"
},
{
"name": "CVE-2018-1000073",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000073"
},
{
"name": "CVE-2019-9947",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9947"
},
{
"name": "CVE-2017-1000158",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000158"
},
{
"name": "CVE-2019-7635",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7635"
},
{
"name": "CVE-2019-7576",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7576"
},
{
"name": "CVE-2019-14834",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14834"
},
{
"name": "CVE-2018-15855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15855"
},
{
"name": "CVE-2019-7149",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7149"
},
{
"name": "CVE-2018-7642",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7642"
},
{
"name": "CVE-2019-5010",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5010"
},
{
"name": "CVE-2018-12641",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12641"
},
{
"name": "CVE-2021-3396",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3396"
},
{
"name": "CVE-2020-12403",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
},
{
"name": "CVE-2017-15268",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15268"
},
{
"name": "CVE-2018-15587",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15587"
},
{
"name": "CVE-2016-10746",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10746"
},
{
"name": "CVE-2017-13711",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13711"
},
{
"name": "CVE-2014-8131",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8131"
},
{
"name": "CVE-2014-9601",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9601"
},
{
"name": "CVE-2014-3657",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3657"
},
{
"name": "CVE-2018-10373",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10373"
},
{
"name": "CVE-2017-17790",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17790"
},
{
"name": "CVE-2011-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2511"
},
{
"name": "CVE-2018-1000802",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000802"
},
{
"name": "CVE-2017-7555",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7555"
},
{
"name": "CVE-2016-9015",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9015"
},
{
"name": "CVE-2017-13720",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13720"
},
{
"name": "CVE-2018-11782",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11782"
},
{
"name": "CVE-2017-11671",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11671"
},
{
"name": "CVE-2017-10664",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10664"
},
{
"name": "CVE-2018-11213",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11213"
},
{
"name": "CVE-2013-6457",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6457"
},
{
"name": "CVE-2019-10138",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10138"
},
{
"name": "CVE-2019-7578",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7578"
},
{
"name": "CVE-2020-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7039"
},
{
"name": "CVE-2017-11368",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11368"
},
{
"name": "CVE-2018-0494",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0494"
},
{
"name": "CVE-2019-20485",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20485"
},
{
"name": "CVE-2003-1418",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-1418"
},
{
"name": "CVE-2017-15289",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15289"
},
{
"name": "CVE-2016-5391",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5391"
},
{
"name": "CVE-2017-2810",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2810"
},
{
"name": "CVE-2018-15864",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15864"
},
{
"name": "CVE-2017-18207",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18207"
},
{
"name": "CVE-2019-12761",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12761"
},
{
"name": "CVE-2013-5651",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5651"
},
{
"name": "CVE-2017-17522",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17522"
},
{
"name": "CVE-2019-20382",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20382"
},
{
"name": "CVE-2016-2533",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2533"
},
{
"name": "CVE-2019-14287",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14287"
},
{
"name": "CVE-2018-18520",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18520"
},
{
"name": "CVE-2019-9740",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
},
{
"name": "CVE-2019-7575",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7575"
},
{
"name": "CVE-2015-5652",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5652"
},
{
"name": "CVE-2019-7572",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7572"
},
{
"name": "CVE-2017-6519",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6519"
},
{
"name": "CVE-2018-10906",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10906"
},
{
"name": "CVE-2018-15863",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15863"
},
{
"name": "CVE-2018-15862",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15862"
},
{
"name": "CVE-2018-1000079",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000079"
},
{
"name": "CVE-2019-7664",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7664"
},
{
"name": "CVE-2017-5992",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5992"
},
{
"name": "CVE-2019-16865",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16865"
},
{
"name": "CVE-2019-8324",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8324"
},
{
"name": "CVE-2018-1000076",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000076"
},
{
"name": "CVE-2018-1000030",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000030"
},
{
"name": "CVE-2018-1000074",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000074"
},
{
"name": "CVE-2017-0901",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0901"
},
{
"name": "CVE-2018-7568",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7568"
},
{
"name": "CVE-2016-0775",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0775"
},
{
"name": "CVE-2018-15688",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15688"
},
{
"name": "CVE-2018-14599",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14599"
},
{
"name": "CVE-2018-10733",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10733"
},
{
"name": "CVE-2016-9396",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9396"
},
{
"name": "CVE-2019-10160",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10160"
},
{
"name": "CVE-2017-7562",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7562"
},
{
"name": "CVE-2016-1000032",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000032"
},
{
"name": "CVE-2017-15124",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15124"
},
{
"name": "CVE-2018-1113",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1113"
},
{
"name": "CVE-2013-4399",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4399"
},
{
"name": "CVE-2019-7636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7636"
},
{
"name": "CVE-2014-3672",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3672"
},
{
"name": "CVE-2018-4700",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4700"
},
{
"name": "CVE-2017-0903",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0903"
},
{
"name": "CVE-2018-15856",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15856"
},
{
"name": "CVE-2018-1000078",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000078"
},
{
"name": "CVE-2019-7573",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7573"
},
{
"name": "CVE-2018-1000077",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000077"
},
{
"name": "CVE-2010-2237",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2237"
},
{
"name": "CVE-2018-1000876",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000876"
},
{
"name": "CVE-2018-14348",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14348"
},
{
"name": "CVE-2019-3890",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3890"
},
{
"name": "CVE-2015-7498",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7498"
},
{
"name": "CVE-2019-7577",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7577"
},
{
"name": "CVE-2016-0740",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0740"
},
{
"name": "CVE-2018-4180",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4180"
},
{
"name": "CVE-2013-4297",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4297"
},
{
"name": "CVE-2010-2238",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2238"
},
{
"name": "CVE-2018-14600",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14600"
},
{
"name": "CVE-2017-13090",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13090"
},
{
"name": "CVE-2013-7336",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7336"
},
{
"name": "CVE-2018-10372",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10372"
},
{
"name": "CVE-2019-7637",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7637"
},
{
"name": "CVE-2018-11806",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11806"
},
{
"name": "CVE-2018-7643",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7643"
},
{
"name": "CVE-2015-0236",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0236"
},
{
"name": "CVE-2018-1000117",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000117"
},
{
"name": "CVE-2014-0209",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0209"
},
{
"name": "CVE-2013-2230",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2230"
},
{
"name": "CVE-2018-1122",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1122"
},
{
"name": "CVE-2014-3960",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3960"
},
{
"name": "CVE-2019-16056",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16056"
},
{
"name": "CVE-2020-12663",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12663"
},
{
"name": "CVE-2018-10768",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10768"
},
{
"name": "CVE-2017-16611",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16611"
},
{
"name": "CVE-2014-7823",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7823"
},
{
"name": "CVE-2020-10703",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10703"
},
{
"name": "CVE-2018-7569",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7569"
},
{
"name": "CVE-2013-4154",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4154"
},
{
"name": "CVE-2018-20060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
},
{
"name": "CVE-2015-9382",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9382"
},
{
"name": "CVE-2017-18190",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18190"
},
{
"name": "CVE-2016-4009",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4009"
},
{
"name": "CVE-2018-13033",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13033"
},
{
"name": "CVE-2016-9190",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9190"
},
{
"name": "CVE-2019-7574",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7574"
},
{
"name": "CVE-2016-0772",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0772"
},
{
"name": "CVE-2016-5699",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5699"
},
{
"name": "CVE-2011-1486",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1486"
},
{
"name": "CVE-2020-5208",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5208"
},
{
"name": "CVE-2019-6778",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6778"
},
{
"name": "CVE-2020-10772",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10772"
},
{
"name": "CVE-2020-25637",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25637"
},
{
"name": "CVE-2018-10360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10360"
},
{
"name": "CVE-2018-15859",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15859"
},
{
"name": "CVE-2017-13089",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13089"
},
{
"name": "CVE-2019-12779",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12779"
},
{
"name": "CVE-2019-1010238",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010238"
},
{
"name": "CVE-2019-6690",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6690"
},
{
"name": "CVE-2015-8317",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8317"
},
{
"name": "CVE-2018-4181",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4181"
},
{
"name": "CVE-2019-8323",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8323"
},
{
"name": "CVE-2016-3616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3616"
},
{
"name": "CVE-2018-14498",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14498"
},
{
"name": "CVE-2018-15861",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15861"
},
{
"name": "CVE-2019-7150",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7150"
},
{
"name": "CVE-2019-17042",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17042"
},
{
"name": "CVE-2016-5008",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5008"
},
{
"name": "CVE-2014-4616",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4616"
}
],
"initial_release_date": "2022-03-23T00:00:00",
"last_revision_date": "2022-03-23T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-267",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Juniper Networks\nJunos Space. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Networks Junos Space",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11176 du 22 mars 2022",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11176\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
Title
SDL (Simple DirectMedia Layer)缓冲区溢出漏洞(CNVD-2019-29176)
Description
Simple DirectMedia Layer(SDL)是一个用于用于访问低级硬件和图形,并为游戏、软件和仿真器提供支持的多平台库。
SDL 1.2.15及之前版本和2.x版本至2.0.9版本中的video/SDL_surface.c文件的‘SDL_FillRect’函数存在基于堆的缓冲区溢出漏洞。攻击者可利用该漏洞在系统上执行任意代码。
Severity
中
Formal description
厂商尚未提供漏洞修复方案,请关注厂商主页更新: https://www.libsdl.org/
Reference
https://nvd.nist.gov/vuln/detail/CVE-2019-7635
Impacted products
| Name | ['SDL SDL (Simple DirectMedia Layer) <=1.2.15', 'SDL SDL (Simple DirectMedia Layer) 2.*,<=2.0.9'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-7635"
}
},
"description": "Simple DirectMedia Layer\uff08SDL\uff09\u662f\u4e00\u4e2a\u7528\u4e8e\u7528\u4e8e\u8bbf\u95ee\u4f4e\u7ea7\u786c\u4ef6\u548c\u56fe\u5f62\uff0c\u5e76\u4e3a\u6e38\u620f\u3001\u8f6f\u4ef6\u548c\u4eff\u771f\u5668\u63d0\u4f9b\u652f\u6301\u7684\u591a\u5e73\u53f0\u5e93\u3002\n\nSDL 1.2.15\u53ca\u4e4b\u524d\u7248\u672c\u548c2.x\u7248\u672c\u81f32.0.9\u7248\u672c\u4e2d\u7684video/SDL_surface.c\u6587\u4ef6\u7684\u2018SDL_FillRect\u2019\u51fd\u6570\u5b58\u5728\u57fa\u4e8e\u5806\u7684\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"discovererName": "opensuse-security",
"formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.libsdl.org/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-29176",
"openTime": "2019-08-28",
"products": {
"product": [
"SDL SDL (Simple DirectMedia Layer) \u003c=1.2.15",
"SDL SDL (Simple DirectMedia Layer) 2.*\uff0c\u003c=2.0.9"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-7635",
"serverity": "\u4e2d",
"submitTime": "2019-02-11",
"title": "SDL (Simple DirectMedia Layer)\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2019-29176\uff09"
}
FKIE_CVE-2019-7635
Vulnerability from fkie_nvd - Published: 2019-02-08 11:29 - Updated: 2024-11-21 04:48
Severity
Summary
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libsdl | simple_directmedia_layer | * | |
| libsdl | simple_directmedia_layer | * | |
| opensuse | backports_sle | 15.0 | |
| opensuse | backports_sle | 15.0 | |
| opensuse | leap | 15.0 | |
| opensuse | leap | 15.1 | |
| opensuse | leap | 42.3 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| fedoraproject | fedora | 31 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1987484C-BB76-4554-B040-1A8D2C90F0AA",
"versionEndIncluding": "1.2.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85C1FFE9-9495-4484-9D25-590ECE49482B",
"versionEndIncluding": "2.0.9",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c."
},
{
"lang": "es",
"value": "SDL (Simple DirectMedia Layer), hasta la versi\u00f3n 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene una sobrelectura de b\u00fafer basada en memoria din\u00e1mica (heap) en Blit1to4 en video/SDL_blit_1.c."
}
],
"id": "CVE-2019-7635",
"lastModified": "2024-11-21T04:48:26.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-08T11:29:00.233",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4498"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201909-07"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202305-17"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4143-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4156-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4156-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4238-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4498"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201909-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202305-17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4143-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4156-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4156-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4238-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-C83X-CR7V-6QRF
Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2022-05-13 01:04
VLAI
Details
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.
Severity
8.1 (High)
{
"affected": [],
"aliases": [
"CVE-2019-7635"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-02-08T11:29:00Z",
"severity": "HIGH"
},
"details": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.",
"id": "GHSA-c83x-cr7v-6qrf",
"modified": "2022-05-13T01:04:45Z",
"published": "2022-05-13T01:04:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7635"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4238-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4156-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4156-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4143-1"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-17"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201909-07"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
},
{
"type": "WEB",
"url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
},
{
"type": "WEB",
"url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4498"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2019-7635
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-7635",
"description": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.",
"id": "GSD-2019-7635",
"references": [
"https://www.suse.com/security/cve/CVE-2019-7635.html",
"https://access.redhat.com/errata/RHSA-2020:4627",
"https://access.redhat.com/errata/RHSA-2020:3868",
"https://ubuntu.com/security/CVE-2019-7635",
"https://advisories.mageia.org/CVE-2019-7635.html",
"https://security.archlinux.org/CVE-2019-7635",
"https://linux.oracle.com/cve/CVE-2019-7635.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-7635"
],
"details": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.",
"id": "GSD-2019-7635",
"modified": "2023-12-13T01:23:46.934958Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1714-1] libsdl2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
},
{
"name": "https://bugzilla.libsdl.org/show_bug.cgi?id=4498",
"refsource": "MISC",
"url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4498"
},
{
"name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1713-1] libsdl1.2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
},
{
"name": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720",
"refsource": "MISC",
"url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
},
{
"name": "openSUSE-SU-2019:1213",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"
},
{
"name": "openSUSE-SU-2019:1223",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"
},
{
"name": "openSUSE-SU-2019:1261",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"
},
{
"name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1861-1] libsdl2-image security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html"
},
{
"name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
},
{
"name": "openSUSE-SU-2019:2071",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html"
},
{
"name": "GLSA-201909-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201909-07"
},
{
"name": "openSUSE-SU-2019:2109",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html"
},
{
"name": "USN-4143-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4143-1/"
},
{
"name": "USN-4156-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4156-1/"
},
{
"name": "USN-4156-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4156-2/"
},
{
"name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1714-2] libsdl2 regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"
},
{
"name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1713-2] libsdl1.2 regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"
},
{
"name": "USN-4238-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4238-1/"
},
{
"name": "FEDORA-2020-24652fe41c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
},
{
"name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
},
{
"name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
},
{
"name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
},
{
"name": "GLSA-202305-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202305-17"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.0.9",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.15",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7635"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
},
{
"name": "https://bugzilla.libsdl.org/show_bug.cgi?id=4498",
"refsource": "MISC",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4498"
},
{
"name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1714-1] libsdl2 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
},
{
"name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1713-1] libsdl1.2 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
},
{
"name": "openSUSE-SU-2019:1213",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"
},
{
"name": "openSUSE-SU-2019:1223",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"
},
{
"name": "openSUSE-SU-2019:1261",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"
},
{
"name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1861-1] libsdl2-image security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html"
},
{
"name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
},
{
"name": "openSUSE-SU-2019:2071",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html"
},
{
"name": "GLSA-201909-07",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201909-07"
},
{
"name": "openSUSE-SU-2019:2109",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html"
},
{
"name": "USN-4143-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4143-1/"
},
{
"name": "USN-4156-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4156-1/"
},
{
"name": "USN-4156-2",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4156-2/"
},
{
"name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1713-2] libsdl1.2 regression update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"
},
{
"name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1714-2] libsdl2 regression update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"
},
{
"name": "USN-4238-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4238-1/"
},
{
"name": "FEDORA-2020-24652fe41c",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
},
{
"name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
},
{
"name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
},
{
"name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
},
{
"name": "GLSA-202305-17",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/202305-17"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
},
"lastModifiedDate": "2023-05-03T12:15Z",
"publishedDate": "2019-02-08T11:29Z"
}
}
}
OPENSUSE-SU-2019:1223-1
Vulnerability from csaf_opensuse - Published: 2019-04-17 13:29 - Updated: 2019-04-17 13:29Summary
Security update for SDL
Severity
Moderate
Notes
Title of the patch: Security update for SDL
Description of the patch: This update for SDL fixes the following issues:
Security issues fixed:
- CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806).
- CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099).
- CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799).
- CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805).
- CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827).
- CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826).
- CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824).
- CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803).
- CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802).
- CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825).
- CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-1223
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.4 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.1 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
49 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SDL",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for SDL fixes the following issues:\n\nSecurity issues fixed:\t \n\n- CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806).\n- CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099).\n- CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799).\n- CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805).\n- CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827).\n- CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826).\n- CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824).\n- CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803).\n- CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802).\n- CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825).\n- CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1223",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1223-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1223-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PVVNKCWJ5RBDOAJTNQX6VN77H27KTKSW/#PVVNKCWJ5RBDOAJTNQX6VN77H27KTKSW"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1223-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PVVNKCWJ5RBDOAJTNQX6VN77H27KTKSW/#PVVNKCWJ5RBDOAJTNQX6VN77H27KTKSW"
},
{
"category": "self",
"summary": "SUSE Bug 1124799",
"url": "https://bugzilla.suse.com/1124799"
},
{
"category": "self",
"summary": "SUSE Bug 1124800",
"url": "https://bugzilla.suse.com/1124800"
},
{
"category": "self",
"summary": "SUSE Bug 1124802",
"url": "https://bugzilla.suse.com/1124802"
},
{
"category": "self",
"summary": "SUSE Bug 1124803",
"url": "https://bugzilla.suse.com/1124803"
},
{
"category": "self",
"summary": "SUSE Bug 1124805",
"url": "https://bugzilla.suse.com/1124805"
},
{
"category": "self",
"summary": "SUSE Bug 1124806",
"url": "https://bugzilla.suse.com/1124806"
},
{
"category": "self",
"summary": "SUSE Bug 1124824",
"url": "https://bugzilla.suse.com/1124824"
},
{
"category": "self",
"summary": "SUSE Bug 1124825",
"url": "https://bugzilla.suse.com/1124825"
},
{
"category": "self",
"summary": "SUSE Bug 1124826",
"url": "https://bugzilla.suse.com/1124826"
},
{
"category": "self",
"summary": "SUSE Bug 1124827",
"url": "https://bugzilla.suse.com/1124827"
},
{
"category": "self",
"summary": "SUSE Bug 1125099",
"url": "https://bugzilla.suse.com/1125099"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7572 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7573 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7573/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7574 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7574/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7575 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7575/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7576 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7576/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7577 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7578 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7578/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7635 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7635/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7636 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7637 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7638 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7638/"
}
],
"title": "Security update for SDL",
"tracking": {
"current_release_date": "2019-04-17T13:29:07Z",
"generator": {
"date": "2019-04-17T13:29:07Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1223-1",
"initial_release_date": "2019-04-17T13:29:07Z",
"revision_history": [
{
"date": "2019-04-17T13:29:07Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"product": {
"name": "libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"product_id": "libSDL-1_2-0-1.2.15-lp150.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "libSDL-devel-1.2.15-lp150.2.3.1.i586",
"product": {
"name": "libSDL-devel-1.2.15-lp150.2.3.1.i586",
"product_id": "libSDL-devel-1.2.15-lp150.2.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"product": {
"name": "libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"product_id": "libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"product": {
"name": "libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"product_id": "libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"product": {
"name": "libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"product_id": "libSDL-devel-1.2.15-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64",
"product": {
"name": "libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64",
"product_id": "libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-1.2.15-lp150.2.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586"
},
"product_reference": "libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64"
},
"product_reference": "libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64"
},
"product_reference": "libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-devel-1.2.15-lp150.2.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586"
},
"product_reference": "libSDL-devel-1.2.15-lp150.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-devel-1.2.15-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64"
},
"product_reference": "libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
},
"product_reference": "libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-7572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7572"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7572",
"url": "https://www.suse.com/security/cve/CVE-2019-7572"
},
{
"category": "external",
"summary": "SUSE Bug 1124806 for CVE-2019-7572",
"url": "https://bugzilla.suse.com/1124806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-17T13:29:07Z",
"details": "moderate"
}
],
"title": "CVE-2019-7572"
},
{
"cve": "CVE-2019-7573",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7573"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7573",
"url": "https://www.suse.com/security/cve/CVE-2019-7573"
},
{
"category": "external",
"summary": "SUSE Bug 1124805 for CVE-2019-7573",
"url": "https://bugzilla.suse.com/1124805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-17T13:29:07Z",
"details": "moderate"
}
],
"title": "CVE-2019-7573"
},
{
"cve": "CVE-2019-7574",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7574"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7574",
"url": "https://www.suse.com/security/cve/CVE-2019-7574"
},
{
"category": "external",
"summary": "SUSE Bug 1124803 for CVE-2019-7574",
"url": "https://bugzilla.suse.com/1124803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-17T13:29:07Z",
"details": "moderate"
}
],
"title": "CVE-2019-7574"
},
{
"cve": "CVE-2019-7575",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7575"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7575",
"url": "https://www.suse.com/security/cve/CVE-2019-7575"
},
{
"category": "external",
"summary": "SUSE Bug 1124802 for CVE-2019-7575",
"url": "https://bugzilla.suse.com/1124802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-17T13:29:07Z",
"details": "moderate"
}
],
"title": "CVE-2019-7575"
},
{
"cve": "CVE-2019-7576",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7576"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7576",
"url": "https://www.suse.com/security/cve/CVE-2019-7576"
},
{
"category": "external",
"summary": "SUSE Bug 1124799 for CVE-2019-7576",
"url": "https://bugzilla.suse.com/1124799"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-17T13:29:07Z",
"details": "moderate"
}
],
"title": "CVE-2019-7576"
},
{
"cve": "CVE-2019-7577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7577"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7577",
"url": "https://www.suse.com/security/cve/CVE-2019-7577"
},
{
"category": "external",
"summary": "SUSE Bug 1124800 for CVE-2019-7577",
"url": "https://bugzilla.suse.com/1124800"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-17T13:29:07Z",
"details": "moderate"
}
],
"title": "CVE-2019-7577"
},
{
"cve": "CVE-2019-7578",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7578"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7578",
"url": "https://www.suse.com/security/cve/CVE-2019-7578"
},
{
"category": "external",
"summary": "SUSE Bug 1125099 for CVE-2019-7578",
"url": "https://bugzilla.suse.com/1125099"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-17T13:29:07Z",
"details": "moderate"
}
],
"title": "CVE-2019-7578"
},
{
"cve": "CVE-2019-7635",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7635"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7635",
"url": "https://www.suse.com/security/cve/CVE-2019-7635"
},
{
"category": "external",
"summary": "SUSE Bug 1124827 for CVE-2019-7635",
"url": "https://bugzilla.suse.com/1124827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-17T13:29:07Z",
"details": "moderate"
}
],
"title": "CVE-2019-7635"
},
{
"cve": "CVE-2019-7636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7636"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7636",
"url": "https://www.suse.com/security/cve/CVE-2019-7636"
},
{
"category": "external",
"summary": "SUSE Bug 1124826 for CVE-2019-7636",
"url": "https://bugzilla.suse.com/1124826"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-17T13:29:07Z",
"details": "moderate"
}
],
"title": "CVE-2019-7636"
},
{
"cve": "CVE-2019-7637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7637"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7637",
"url": "https://www.suse.com/security/cve/CVE-2019-7637"
},
{
"category": "external",
"summary": "SUSE Bug 1124825 for CVE-2019-7637",
"url": "https://bugzilla.suse.com/1124825"
},
{
"category": "external",
"summary": "SUSE Bug 1134135 for CVE-2019-7637",
"url": "https://bugzilla.suse.com/1134135"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-17T13:29:07Z",
"details": "moderate"
}
],
"title": "CVE-2019-7637"
},
{
"cve": "CVE-2019-7638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7638"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7638",
"url": "https://www.suse.com/security/cve/CVE-2019-7638"
},
{
"category": "external",
"summary": "SUSE Bug 1124824 for CVE-2019-7638",
"url": "https://bugzilla.suse.com/1124824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-17T13:29:07Z",
"details": "moderate"
}
],
"title": "CVE-2019-7638"
}
]
}
OPENSUSE-SU-2019:1261-1
Vulnerability from csaf_opensuse - Published: 2019-04-23 15:07 - Updated: 2019-04-23 15:07Summary
Security update for SDL2
Severity
Moderate
Notes
Title of the patch: Security update for SDL2
Description of the patch: This update for SDL2 fixes the following issues:
Security issues fixed:
- CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806).
- CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099).
- CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799).
- CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805).
- CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827).
- CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826).
- CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824).
- CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803).
- CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802).
- CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825).
- CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-1261
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.4 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.1 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
49 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SDL2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for SDL2 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806).\n- CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099).\n- CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799).\n- CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805).\n- CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827).\n- CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826).\n- CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824).\n- CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803).\n- CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802).\n- CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825).\n- CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1261",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1261-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1261-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MSOTDS52YKZL25TU3JHV22PWUVFQ6U5U/#MSOTDS52YKZL25TU3JHV22PWUVFQ6U5U"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1261-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MSOTDS52YKZL25TU3JHV22PWUVFQ6U5U/#MSOTDS52YKZL25TU3JHV22PWUVFQ6U5U"
},
{
"category": "self",
"summary": "SUSE Bug 1124799",
"url": "https://bugzilla.suse.com/1124799"
},
{
"category": "self",
"summary": "SUSE Bug 1124800",
"url": "https://bugzilla.suse.com/1124800"
},
{
"category": "self",
"summary": "SUSE Bug 1124802",
"url": "https://bugzilla.suse.com/1124802"
},
{
"category": "self",
"summary": "SUSE Bug 1124803",
"url": "https://bugzilla.suse.com/1124803"
},
{
"category": "self",
"summary": "SUSE Bug 1124805",
"url": "https://bugzilla.suse.com/1124805"
},
{
"category": "self",
"summary": "SUSE Bug 1124806",
"url": "https://bugzilla.suse.com/1124806"
},
{
"category": "self",
"summary": "SUSE Bug 1124824",
"url": "https://bugzilla.suse.com/1124824"
},
{
"category": "self",
"summary": "SUSE Bug 1124825",
"url": "https://bugzilla.suse.com/1124825"
},
{
"category": "self",
"summary": "SUSE Bug 1124826",
"url": "https://bugzilla.suse.com/1124826"
},
{
"category": "self",
"summary": "SUSE Bug 1124827",
"url": "https://bugzilla.suse.com/1124827"
},
{
"category": "self",
"summary": "SUSE Bug 1125099",
"url": "https://bugzilla.suse.com/1125099"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7572 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7573 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7573/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7574 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7574/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7575 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7575/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7576 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7576/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7577 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7578 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7578/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7635 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7635/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7636 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7637 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7638 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7638/"
}
],
"title": "Security update for SDL2",
"tracking": {
"current_release_date": "2019-04-23T15:07:46Z",
"generator": {
"date": "2019-04-23T15:07:46Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1261-1",
"initial_release_date": "2019-04-23T15:07:46Z",
"revision_history": [
{
"date": "2019-04-23T15:07:46Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"product": {
"name": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"product_id": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"product": {
"name": "libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"product_id": "libSDL2-devel-2.0.8-lp150.2.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"product": {
"name": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"product_id": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"product": {
"name": "libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"product_id": "libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"product": {
"name": "libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"product_id": "libSDL2-devel-2.0.8-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64",
"product": {
"name": "libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64",
"product_id": "libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586"
},
"product_reference": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64"
},
"product_reference": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64"
},
"product_reference": "libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-devel-2.0.8-lp150.2.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586"
},
"product_reference": "libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-devel-2.0.8-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64"
},
"product_reference": "libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
},
"product_reference": "libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-7572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7572"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7572",
"url": "https://www.suse.com/security/cve/CVE-2019-7572"
},
{
"category": "external",
"summary": "SUSE Bug 1124806 for CVE-2019-7572",
"url": "https://bugzilla.suse.com/1124806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-23T15:07:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-7572"
},
{
"cve": "CVE-2019-7573",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7573"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7573",
"url": "https://www.suse.com/security/cve/CVE-2019-7573"
},
{
"category": "external",
"summary": "SUSE Bug 1124805 for CVE-2019-7573",
"url": "https://bugzilla.suse.com/1124805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-23T15:07:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-7573"
},
{
"cve": "CVE-2019-7574",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7574"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7574",
"url": "https://www.suse.com/security/cve/CVE-2019-7574"
},
{
"category": "external",
"summary": "SUSE Bug 1124803 for CVE-2019-7574",
"url": "https://bugzilla.suse.com/1124803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-23T15:07:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-7574"
},
{
"cve": "CVE-2019-7575",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7575"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7575",
"url": "https://www.suse.com/security/cve/CVE-2019-7575"
},
{
"category": "external",
"summary": "SUSE Bug 1124802 for CVE-2019-7575",
"url": "https://bugzilla.suse.com/1124802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-23T15:07:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-7575"
},
{
"cve": "CVE-2019-7576",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7576"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7576",
"url": "https://www.suse.com/security/cve/CVE-2019-7576"
},
{
"category": "external",
"summary": "SUSE Bug 1124799 for CVE-2019-7576",
"url": "https://bugzilla.suse.com/1124799"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-23T15:07:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-7576"
},
{
"cve": "CVE-2019-7577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7577"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7577",
"url": "https://www.suse.com/security/cve/CVE-2019-7577"
},
{
"category": "external",
"summary": "SUSE Bug 1124800 for CVE-2019-7577",
"url": "https://bugzilla.suse.com/1124800"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-23T15:07:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-7577"
},
{
"cve": "CVE-2019-7578",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7578"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7578",
"url": "https://www.suse.com/security/cve/CVE-2019-7578"
},
{
"category": "external",
"summary": "SUSE Bug 1125099 for CVE-2019-7578",
"url": "https://bugzilla.suse.com/1125099"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-23T15:07:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-7578"
},
{
"cve": "CVE-2019-7635",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7635"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7635",
"url": "https://www.suse.com/security/cve/CVE-2019-7635"
},
{
"category": "external",
"summary": "SUSE Bug 1124827 for CVE-2019-7635",
"url": "https://bugzilla.suse.com/1124827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-23T15:07:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-7635"
},
{
"cve": "CVE-2019-7636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7636"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7636",
"url": "https://www.suse.com/security/cve/CVE-2019-7636"
},
{
"category": "external",
"summary": "SUSE Bug 1124826 for CVE-2019-7636",
"url": "https://bugzilla.suse.com/1124826"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-23T15:07:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-7636"
},
{
"cve": "CVE-2019-7637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7637"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7637",
"url": "https://www.suse.com/security/cve/CVE-2019-7637"
},
{
"category": "external",
"summary": "SUSE Bug 1124825 for CVE-2019-7637",
"url": "https://bugzilla.suse.com/1124825"
},
{
"category": "external",
"summary": "SUSE Bug 1134135 for CVE-2019-7637",
"url": "https://bugzilla.suse.com/1134135"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-23T15:07:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-7637"
},
{
"cve": "CVE-2019-7638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7638"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7638",
"url": "https://www.suse.com/security/cve/CVE-2019-7638"
},
{
"category": "external",
"summary": "SUSE Bug 1124824 for CVE-2019-7638",
"url": "https://bugzilla.suse.com/1124824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-23T15:07:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-7638"
}
]
}
OPENSUSE-SU-2019:2071-1
Vulnerability from csaf_opensuse - Published: 2019-09-05 08:23 - Updated: 2019-09-05 08:23Summary
Security update for SDL_image
Severity
Moderate
Notes
Title of the patch: Security update for SDL_image
Description of the patch: This update for SDL_image fixes the following issues:
Update SDL_Image to new snapshot 1.2.12+hg695.
Security issues fixed:
* TALOS-2019-0821 CVE-2019-5052: exploitable integer overflow vulnerability when loading a PCX file (boo#1140421)
* TALOS-2019-0841 CVE-2019-5057: code execution vulnerability in the PCX image-rendering functionality of SDL2_image (boo#1143763)
* TALOS-2019-0842 CVE-2019-5058: heap overflow in XCF image rendering can lead to code execution (boo#1143764)
* TALOS-2019-0843 CVE-2019-5059: heap overflow in XPM image handling (boo#1143766)
* TALOS-2019-0844 CVE-2019-5060: integer overflow in the XPM image (boo#1143768)
* CVE-2019-7635: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (boo#1124827)
* CVE-2019-13616: fix heap buffer overflow when reading a crafted bmp file (boo#1141844).
Patchnames: openSUSE-2019-2071
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.4 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.4 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
32 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SDL_image",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for SDL_image fixes the following issues:\n\nUpdate SDL_Image to new snapshot 1.2.12+hg695.\n\nSecurity issues fixed:\n\n* TALOS-2019-0821 CVE-2019-5052: exploitable integer overflow vulnerability when loading a PCX file (boo#1140421)\n* TALOS-2019-0841 CVE-2019-5057: code execution vulnerability in the PCX image-rendering functionality of SDL2_image (boo#1143763)\n* TALOS-2019-0842 CVE-2019-5058: heap overflow in XCF image rendering can lead to code execution (boo#1143764)\n* TALOS-2019-0843 CVE-2019-5059: heap overflow in XPM image handling (boo#1143766)\n* TALOS-2019-0844 CVE-2019-5060: integer overflow in the XPM image (boo#1143768)\n* CVE-2019-7635: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (boo#1124827)\n* CVE-2019-13616: fix heap buffer overflow when reading a crafted bmp file (boo#1141844).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2071",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2071-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2071-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3QX7GXNBMMTXZSXQVKMIC4P6EVVZNDRA/#3QX7GXNBMMTXZSXQVKMIC4P6EVVZNDRA"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2071-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3QX7GXNBMMTXZSXQVKMIC4P6EVVZNDRA/#3QX7GXNBMMTXZSXQVKMIC4P6EVVZNDRA"
},
{
"category": "self",
"summary": "SUSE Bug 1124827",
"url": "https://bugzilla.suse.com/1124827"
},
{
"category": "self",
"summary": "SUSE Bug 1140421",
"url": "https://bugzilla.suse.com/1140421"
},
{
"category": "self",
"summary": "SUSE Bug 1141844",
"url": "https://bugzilla.suse.com/1141844"
},
{
"category": "self",
"summary": "SUSE Bug 1143763",
"url": "https://bugzilla.suse.com/1143763"
},
{
"category": "self",
"summary": "SUSE Bug 1143764",
"url": "https://bugzilla.suse.com/1143764"
},
{
"category": "self",
"summary": "SUSE Bug 1143766",
"url": "https://bugzilla.suse.com/1143766"
},
{
"category": "self",
"summary": "SUSE Bug 1143768",
"url": "https://bugzilla.suse.com/1143768"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13616 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5052 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5057 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5058 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5059 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5060 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7635 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7635/"
}
],
"title": "Security update for SDL_image",
"tracking": {
"current_release_date": "2019-09-05T08:23:59Z",
"generator": {
"date": "2019-09-05T08:23:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2071-1",
"initial_release_date": "2019-09-05T08:23:59Z",
"revision_history": [
{
"date": "2019-09-05T08:23:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"product": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"product_id": "libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"product": {
"name": "libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"product_id": "libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"product": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"product_id": "libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"product": {
"name": "libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"product_id": "libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"product": {
"name": "libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"product_id": "libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"product": {
"name": "libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"product_id": "libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586"
},
"product_reference": "libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64"
},
"product_reference": "libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
},
"product_reference": "libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586"
},
"product_reference": "libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64"
},
"product_reference": "libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
},
"product_reference": "libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586"
},
"product_reference": "libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64"
},
"product_reference": "libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
},
"product_reference": "libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586"
},
"product_reference": "libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64"
},
"product_reference": "libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
},
"product_reference": "libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13616"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13616",
"url": "https://www.suse.com/security/cve/CVE-2019-13616"
},
{
"category": "external",
"summary": "SUSE Bug 1141844 for CVE-2019-13616",
"url": "https://bugzilla.suse.com/1141844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T08:23:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-13616"
},
{
"cve": "CVE-2019-5052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5052"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5052",
"url": "https://www.suse.com/security/cve/CVE-2019-5052"
},
{
"category": "external",
"summary": "SUSE Bug 1140421 for CVE-2019-5052",
"url": "https://bugzilla.suse.com/1140421"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T08:23:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-5052"
},
{
"cve": "CVE-2019-5057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5057"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5057",
"url": "https://www.suse.com/security/cve/CVE-2019-5057"
},
{
"category": "external",
"summary": "SUSE Bug 1143763 for CVE-2019-5057",
"url": "https://bugzilla.suse.com/1143763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T08:23:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-5057"
},
{
"cve": "CVE-2019-5058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5058"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5058",
"url": "https://www.suse.com/security/cve/CVE-2019-5058"
},
{
"category": "external",
"summary": "SUSE Bug 1143764 for CVE-2019-5058",
"url": "https://bugzilla.suse.com/1143764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T08:23:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-5058"
},
{
"cve": "CVE-2019-5059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5059"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5059",
"url": "https://www.suse.com/security/cve/CVE-2019-5059"
},
{
"category": "external",
"summary": "SUSE Bug 1143766 for CVE-2019-5059",
"url": "https://bugzilla.suse.com/1143766"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T08:23:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-5059"
},
{
"cve": "CVE-2019-5060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5060"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5060",
"url": "https://www.suse.com/security/cve/CVE-2019-5060"
},
{
"category": "external",
"summary": "SUSE Bug 1143768 for CVE-2019-5060",
"url": "https://bugzilla.suse.com/1143768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T08:23:59Z",
"details": "important"
}
],
"title": "CVE-2019-5060"
},
{
"cve": "CVE-2019-7635",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7635"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7635",
"url": "https://www.suse.com/security/cve/CVE-2019-7635"
},
{
"category": "external",
"summary": "SUSE Bug 1124827 for CVE-2019-7635",
"url": "https://bugzilla.suse.com/1124827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T08:23:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-7635"
}
]
}
OPENSUSE-SU-2019:2109-1
Vulnerability from csaf_opensuse - Published: 2019-09-10 14:20 - Updated: 2019-09-10 14:20Summary
Security update for SDL_image
Severity
Moderate
Notes
Title of the patch: Security update for SDL_image
Description of the patch: This update for SDL_image fixes the following issues:
Update SDL_Image to new snapshot 1.2.12+hg695.
Security issues fixed:
* TALOS-2019-0821 CVE-2019-5052: exploitable integer overflow vulnerability when loading a PCX file (boo#1140421)
* TALOS-2019-0841 CVE-2019-5057: code execution vulnerability in the PCX image-rendering functionality of SDL2_image (boo#1143763)
* TALOS-2019-0842 CVE-2019-5058: heap overflow in XCF image rendering can lead to code execution (boo#1143764)
* TALOS-2019-0843 CVE-2019-5059: heap overflow in XPM image handling (boo#1143766)
* TALOS-2019-0844 CVE-2019-5060: integer overflow in the XPM image (boo#1143768)
* CVE-2019-7635: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (boo#1124827)
* CVE-2019-13616: fix heap buffer overflow when reading a crafted bmp file (boo#1141844).
This update was imported from the openSUSE:Leap:15.0:Update update project.
Patchnames: openSUSE-2019-2109
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.4 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 | — |
Vendor Fix
|
Threats
Impact
important
4.4 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 | — |
Vendor Fix
|
Threats
Impact
moderate
References
32 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SDL_image",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for SDL_image fixes the following issues:\n\nUpdate SDL_Image to new snapshot 1.2.12+hg695.\n\nSecurity issues fixed:\n\n* TALOS-2019-0821 CVE-2019-5052: exploitable integer overflow vulnerability when loading a PCX file (boo#1140421)\n* TALOS-2019-0841 CVE-2019-5057: code execution vulnerability in the PCX image-rendering functionality of SDL2_image (boo#1143763)\n* TALOS-2019-0842 CVE-2019-5058: heap overflow in XCF image rendering can lead to code execution (boo#1143764)\n* TALOS-2019-0843 CVE-2019-5059: heap overflow in XPM image handling (boo#1143766)\n* TALOS-2019-0844 CVE-2019-5060: integer overflow in the XPM image (boo#1143768)\n* CVE-2019-7635: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (boo#1124827)\n* CVE-2019-13616: fix heap buffer overflow when reading a crafted bmp file (boo#1141844).\n\nThis update was imported from the openSUSE:Leap:15.0:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2109",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2109-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2109-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LT2L2SUT2SJMJ23HFEUSMEN3PCAFI5LM/#LT2L2SUT2SJMJ23HFEUSMEN3PCAFI5LM"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2109-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LT2L2SUT2SJMJ23HFEUSMEN3PCAFI5LM/#LT2L2SUT2SJMJ23HFEUSMEN3PCAFI5LM"
},
{
"category": "self",
"summary": "SUSE Bug 1124827",
"url": "https://bugzilla.suse.com/1124827"
},
{
"category": "self",
"summary": "SUSE Bug 1140421",
"url": "https://bugzilla.suse.com/1140421"
},
{
"category": "self",
"summary": "SUSE Bug 1141844",
"url": "https://bugzilla.suse.com/1141844"
},
{
"category": "self",
"summary": "SUSE Bug 1143763",
"url": "https://bugzilla.suse.com/1143763"
},
{
"category": "self",
"summary": "SUSE Bug 1143764",
"url": "https://bugzilla.suse.com/1143764"
},
{
"category": "self",
"summary": "SUSE Bug 1143766",
"url": "https://bugzilla.suse.com/1143766"
},
{
"category": "self",
"summary": "SUSE Bug 1143768",
"url": "https://bugzilla.suse.com/1143768"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13616 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5052 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5057 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5058 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5059 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5060 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7635 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7635/"
}
],
"title": "Security update for SDL_image",
"tracking": {
"current_release_date": "2019-09-10T14:20:33Z",
"generator": {
"date": "2019-09-10T14:20:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2109-1",
"initial_release_date": "2019-09-10T14:20:33Z",
"revision_history": [
{
"date": "2019-09-10T14:20:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"product": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"product_id": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"product": {
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"product_id": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"product": {
"name": "libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"product_id": "libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"product": {
"name": "libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"product_id": "libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"product": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"product_id": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"product": {
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"product_id": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"product": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"product_id": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"product": {
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"product_id": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"product": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"product_id": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"product": {
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"product_id": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15",
"product": {
"name": "SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15"
}
},
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP1",
"product": {
"name": "SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64"
},
"product_reference": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le"
},
"product_reference": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x"
},
"product_reference": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64"
},
"product_reference": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
},
"product_reference": "libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64"
},
"product_reference": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le"
},
"product_reference": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x"
},
"product_reference": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64"
},
"product_reference": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
},
"product_reference": "libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64"
},
"product_reference": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le"
},
"product_reference": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x"
},
"product_reference": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64"
},
"product_reference": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
},
"product_reference": "libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64"
},
"product_reference": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le"
},
"product_reference": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x"
},
"product_reference": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64"
},
"product_reference": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
},
"product_reference": "libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13616"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13616",
"url": "https://www.suse.com/security/cve/CVE-2019-13616"
},
{
"category": "external",
"summary": "SUSE Bug 1141844 for CVE-2019-13616",
"url": "https://bugzilla.suse.com/1141844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T14:20:33Z",
"details": "moderate"
}
],
"title": "CVE-2019-13616"
},
{
"cve": "CVE-2019-5052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5052"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5052",
"url": "https://www.suse.com/security/cve/CVE-2019-5052"
},
{
"category": "external",
"summary": "SUSE Bug 1140421 for CVE-2019-5052",
"url": "https://bugzilla.suse.com/1140421"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T14:20:33Z",
"details": "moderate"
}
],
"title": "CVE-2019-5052"
},
{
"cve": "CVE-2019-5057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5057"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5057",
"url": "https://www.suse.com/security/cve/CVE-2019-5057"
},
{
"category": "external",
"summary": "SUSE Bug 1143763 for CVE-2019-5057",
"url": "https://bugzilla.suse.com/1143763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T14:20:33Z",
"details": "moderate"
}
],
"title": "CVE-2019-5057"
},
{
"cve": "CVE-2019-5058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5058"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5058",
"url": "https://www.suse.com/security/cve/CVE-2019-5058"
},
{
"category": "external",
"summary": "SUSE Bug 1143764 for CVE-2019-5058",
"url": "https://bugzilla.suse.com/1143764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T14:20:33Z",
"details": "moderate"
}
],
"title": "CVE-2019-5058"
},
{
"cve": "CVE-2019-5059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5059"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5059",
"url": "https://www.suse.com/security/cve/CVE-2019-5059"
},
{
"category": "external",
"summary": "SUSE Bug 1143766 for CVE-2019-5059",
"url": "https://bugzilla.suse.com/1143766"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T14:20:33Z",
"details": "moderate"
}
],
"title": "CVE-2019-5059"
},
{
"cve": "CVE-2019-5060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5060"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5060",
"url": "https://www.suse.com/security/cve/CVE-2019-5060"
},
{
"category": "external",
"summary": "SUSE Bug 1143768 for CVE-2019-5060",
"url": "https://bugzilla.suse.com/1143768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T14:20:33Z",
"details": "important"
}
],
"title": "CVE-2019-5060"
},
{
"cve": "CVE-2019-7635",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7635"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7635",
"url": "https://www.suse.com/security/cve/CVE-2019-7635"
},
{
"category": "external",
"summary": "SUSE Bug 1124827 for CVE-2019-7635",
"url": "https://bugzilla.suse.com/1124827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T14:20:33Z",
"details": "moderate"
}
],
"title": "CVE-2019-7635"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…