Debian LTS: Security Advisory for libsdl1.2 (DLA-2804-1)

Information

Severity

Medium

Family

Debian Local Security Checks

CVSSv2 Base

6.8

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Solution Type

Vendor Patch

Created

2 years ago

Modified

2 years ago

Summary

The remote host is missing an update for the 'libsdl1.2' package(s) announced via the DLA-2804-1 advisory.

Insight

Several vulnerabilities have been fixed in libsdl2, the older version of the Simple DirectMedia Layer library that provides low-level access to audio, keyboard, mouse, joystick, and graphics hardware.

CVE-2019-7572: Buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c
CVE-2019-7573: Heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c
CVE-2019-7574: Heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c
CVE-2019-7575: Heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c
CVE-2019-7576: Heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c
CVE-2019-7577: Buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c
CVE-2019-7578: Heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c
CVE-2019-7635: Heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c
CVE-2019-7636: Heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c
CVE-2019-7637: Heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c
CVE-2019-7638: Heap-based buffer over-read in Map1toN in video/SDL_pixels.c
CVE-2019-13616: Heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c

Affected Software

'libsdl1.2' package(s) on Debian Linux.

Detection Method

Checks if a vulnerable package version is present on the target host.

Solution

For Debian 9 stretch, these problems have been fixed in version 1.2.15+dfsg1-4+deb9u1. We recommend that you upgrade your libsdl1.2 packages.