{"id":"USN-4143-1","summary":"SDL 2.0 vulnerabilities","details":"It was discovered that SDL 2.0 mishandled crafted image files resulting in an\ninteger overflow. If a user were tricked into opening a malicious file, SDL\n2.0 could be caused to crash or potentially run arbitrary code.\n(CVE-2017-2888)\n\nIt was discovered that SDL 2.0 mishandled crafted image files. If a user were \ntricked into opening a malicious file, SDL 2.0 could be caused to crash or \npotentially run arbitrary code.\n(CVE-2019-7635, CVE-2019-7636, CVE-2019-7637, CVE-2019-7638)\n","modified":"2026-02-10T04:41:38Z","published":"2019-09-30T15:05:54Z","related":["UBUNTU-CVE-2017-2888","UBUNTU-CVE-2019-7635","UBUNTU-CVE-2019-7636","UBUNTU-CVE-2019-7637","UBUNTU-CVE-2019-7638"],"upstream":["CVE-2017-2888","CVE-2019-7635","CVE-2019-7636","CVE-2019-7637","CVE-2019-7638","UBUNTU-CVE-2017-2888","UBUNTU-CVE-2019-7635","UBUNTU-CVE-2019-7636","UBUNTU-CVE-2019-7637","UBUNTU-CVE-2019-7638"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4143-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-2888"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-7635"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-7636"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-7637"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-7638"}],"affected":[{"package":{"name":"libsdl2","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/libsdl2@2.0.4+dfsg1-2ubuntu2.16.04.2?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.4+dfsg1-2ubuntu2.16.04.2"}]}],"versions":["2.0.2+dfsg1-6ubuntu2","2.0.4+dfsg1-2","2.0.4+dfsg1-2ubuntu1","2.0.4+dfsg1-2ubuntu2","2.0.4+dfsg1-2ubuntu2.16.04.1"],"ecosystem_specific":{"binaries":[{"binary_name":"libsdl2-2.0-0","binary_version":"2.0.4+dfsg1-2ubuntu2.16.04.2"},{"binary_name":"libsdl2-dev","binary_version":"2.0.4+dfsg1-2ubuntu2.16.04.2"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-2888"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-7635"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-7636"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-7637"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-7638"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4143-1.json"}},{"package":{"name":"libsdl2","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/libsdl2@2.0.8+dfsg1-1ubuntu1.18.04.4?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.8+dfsg1-1ubuntu1.18.04.4"}]}],"versions":["2.0.6+dfsg1-3ubuntu1","2.0.6+dfsg1-4ubuntu1","2.0.7+dfsg1-3ubuntu1","2.0.8+dfsg1-1ubuntu1","2.0.8+dfsg1-1ubuntu1.18.04.1","2.0.8+dfsg1-1ubuntu1.18.04.3"],"ecosystem_specific":{"binaries":[{"binary_name":"libsdl2-2.0-0","binary_version":"2.0.8+dfsg1-1ubuntu1.18.04.4"},{"binary_name":"libsdl2-dev","binary_version":"2.0.8+dfsg1-1ubuntu1.18.04.4"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:18.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-7635"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-7636"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-7638"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4143-1.json"}}],"schema_version":"1.7.3"}