
Security vulnerability in the SDL library

  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LFE

Fedora Update Notification
2019-03-20 21:17:00.935438

Name : SDL
Product : Fedora 28
Version : 1.2.15
Release : 32.fc28
Summary : A cross-platform multimedia library
Description :
Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed
to provide fast access to the graphics frame buffer and audio device.

Update Information:

This release fixes a buffer overflow when processing RIFF/WAV files with an
invalid MS ADPCM predictor.
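
The predictor byte at the start of each MS ADPCM block is an index into the coefficient table declared in the WAV fmt chunk, so a decoder has to range-check it before use. The following pre-decode check is an added example, not SDL's code or the Fedora patch; the function name, return codes and sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Per channel, an MS ADPCM block header holds: predictor index (1 byte),
 * delta (2), sample1 (2), sample2 (2). With two channels the fields are
 * interleaved, so the predictor bytes are the first `channels` bytes. */
#define HDR_BYTES_PER_CHANNEL 7

/* Hypothetical helper (not an SDL function). Returns -1 when every block can
 * be decoded safely, -2 when the format parameters are unusable, otherwise
 * the index of the first block that is truncated or whose predictor would
 * index past the `num_coef`-entry coefficient table from the fmt chunk. */
long ms_adpcm_first_unsafe_block(const uint8_t *data, size_t len,
                                 unsigned channels, size_t block_align,
                                 unsigned num_coef)
{
    size_t hdr = (size_t)channels * HDR_BYTES_PER_CHANNEL;
    if (channels < 1 || channels > 2 || num_coef == 0 || block_align < hdr)
        return -2;
    size_t off = 0;
    for (long blk = 0; off < len; blk++) {
        if (len - off < hdr)
            return blk;                   /* block header is cut short */
        for (unsigned c = 0; c < channels; c++)
            if (data[off + c] >= num_coef)
                return blk;               /* predictor outside the table */
        if (len - off <= block_align)
            break;                        /* last block; avoids size_t wrap */
        off += block_align;
    }
    return -1;
}

/* Constructed sample data: mono, block_align 8, predictor is byte 0 of a block. */
static const uint8_t sample_ok[]  = { 0, 16,0, 0,0, 0,0, 0x11,  6, 16,0, 0,0, 0,0, 0x11 };
static const uint8_t sample_bad[] = { 0, 16,0, 0,0, 0,0, 0x11,  7, 16,0, 0,0, 0,0, 0x11 };

int main(void)
{
    printf("ok:  %ld\n", ms_adpcm_first_unsafe_block(sample_ok, sizeof sample_ok, 1, 8, 7));
    printf("bad: %ld\n", ms_adpcm_first_unsafe_block(sample_bad, sizeof sample_bad, 1, 8, 7));
    return 0;
}
```
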

* Tue Mar 12 2019 Petr Pisar <> - 1.2.15-32
- Fix CVE-2019-7577 completely (a buffer overread in MS_ADPCM_nibble and
  MS_ADPCM_decode on an invalid predictor) (bug #1676510)
* Fri Feb 15 2019 Petr Pisar <> - 1.2.15-31
- Fix CVE-2019-7577 (a buffer overread in MS_ADPCM_decode) (bug #1676510)
- Fix CVE-2019-7575 (a buffer overwrite in MS_ADPCM_decode) (bug #1676744)
- Fix CVE-2019-7574 (a buffer overread in IMA_ADPCM_decode) (bug #1676750)
- Fix CVE-2019-7572 (a buffer overread in IMA_ADPCM_nibble) (bug #1676754)
- Fix CVE-2019-7572 (a buffer overwrite in IMA_ADPCM_nibble) (bug #1676754)
- Fix CVE-2019-7573, CVE-2019-7576 (buffer overreads in InitMS_ADPCM)
  (bugs #1676752, #1676756)
- Fix CVE-2019-7578 (a buffer overread in InitIMA_ADPCM) (bug #1676782)
- Fix CVE-2019-7638, CVE-2019-7636 (buffer overflows when processing BMP
  images with too high number of colors) (bugs #1677144, #1677157)
- Fix CVE-2019-7637 (an integer overflow in SDL_CalculatePitch) (bug #1677152)
- Fix CVE-2019-7635 (a buffer overread when blitting a BMP image with pixel
  colors out the palette) (bug #1677159)
- Reject 2, 3, 5, 6, 7-bpp BMP images (bug #1677159)

[ 1 ] Bug #1676509 - CVE-2019-7577 SDL: Buffer over-read in function SDL_LoadWAV_RW in audio/SDL_wave.c

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-918aad6bd5' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at

Author: Filip Karamatic
Cert ID: NCERT-REF-2019-03-0001-ADV