{"id":"MGASA-2019-0127","summary":"Updated SDL12 packages fix security vulnerability","details":"This release fixes various buffer overflows when parsing or processing\ndamaged Waveform audio and BMP image files.\n- Fix CVE-2019-7577 (a buffer overread in MS_ADPCM_decode) (rhbz#1676510)\n- Fix CVE-2019-7575 (a buffer overwrite in MS_ADPCM_decode) (rhbz#1676744)\n- Fix CVE-2019-7574 (a buffer overread in IMA_ADPCM_decode) (rhbz#1676750)\n- Fix CVE-2019-7572 (a buffer overread in IMA_ADPCM_nibble) (rhbz#1676754)\n- Fix CVE-2019-7572 (a buffer overwrite in IMA_ADPCM_nibble) (rhbz#1676754)\n- Fix CVE-2019-7573, CVE-2019-7576 (buffer overreads in InitMS_ADPCM)\n  (rhbz#1676752, rhbz#1676756)\n- Fix CVE-2019-7578 (a buffer overread in InitIMA_ADPCM) (rhbz#1676782)\n- Fix CVE-2019-7638, CVE-2019-7636 (buffer overflows when processing BMP\n  images with too high number of colors) (rhbz#1677144, rhbz#1677157)\n- Fix CVE-2019-7637 (an integer overflow in SDL_CalculatePitch)\n  (rhbz#1677152)\n- Fix CVE-2019-7635 (a buffer overread when blitting a BMP image with pixel\n  colors out the palette) (rhbz#1677159)\n- Reject 2, 3, 5, 6, 7-bpp BMP images (rhbz#1677159)\n","modified":"2026-04-16T01:48:30.647796150Z","published":"2019-04-05T18:12:59Z","upstream":["CVE-2019-7572","CVE-2019-7573","CVE-2019-7574","CVE-2019-7575","CVE-2019-7577","CVE-2019-7635","CVE-2019-7637","CVE-2019-7638"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0127.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=24496"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OHEXXGCOKNICFBDMNVYYDTSDLQ42K5G5/"}],"affected":[{"package":{"name":"SDL12","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/SDL12?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.15-19.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0127.json"}},{"package":{"name":"mingw-SDL","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/mingw-SDL?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.15-8.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0127.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}