{"schema_version":"1.7.2","id":"OESA-2021-1426","modified":"2021-11-12T11:03:20Z","published":"2021-11-12T11:03:20Z","upstream":["CVE-2019-7572","CVE-2019-7574","CVE-2019-7575"],"summary":"SDL security update","details":"Simple DirectMedia Layer(SDL) is a cross-platform development library designed\\ to provide low level access to audio, keyboard, mouse, joystick, and graphics\\ hardware via OpenGL and Direct3D. It is used by video playback software, emulators,\\ and popular games including Valve\u0026apos;s award winning catalog and many Humble Bundle games.\\\r\n\r\nSecurity Fix(es):\r\n\r\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(CVE-2019-7572)\r\n\r\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.(CVE-2019-7574)\r\n\r\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.(CVE-2019-7575)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"SDL","purl":"pkg:rpm/openEuler/SDL\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.15-39.oe1"}]}],"ecosystem_specific":{"aarch64":["SDL-debugsource-1.2.15-39.oe1.aarch64.rpm","SDL-1.2.15-39.oe1.aarch64.rpm","SDL-help-1.2.15-39.oe1.aarch64.rpm","SDL-devel-1.2.15-39.oe1.aarch64.rpm","SDL-debuginfo-1.2.15-39.oe1.aarch64.rpm"],"src":["SDL-1.2.15-39.oe1.src.rpm"],"x86_64":["SDL-help-1.2.15-39.oe1.x86_64.rpm","SDL-devel-1.2.15-39.oe1.x86_64.rpm","SDL-debuginfo-1.2.15-39.oe1.x86_64.rpm","SDL-1.2.15-39.oe1.x86_64.rpm","SDL-debugsource-1.2.15-39.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP2","name":"SDL","purl":"pkg:rpm/openEuler/SDL\u0026distro=openEuler-20.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.15-39.oe1"}]}],"ecosystem_specific":{"aarch64":["SDL-debugsource-1.2.15-39.oe1.aarch64.rpm","SDL-devel-1.2.15-39.oe1.aarch64.rpm","SDL-1.2.15-39.oe1.aarch64.rpm","SDL-debuginfo-1.2.15-39.oe1.aarch64.rpm","SDL-help-1.2.15-39.oe1.aarch64.rpm"],"src":["SDL-1.2.15-39.oe1.src.rpm"],"x86_64":["SDL-devel-1.2.15-39.oe1.x86_64.rpm","SDL-debuginfo-1.2.15-39.oe1.x86_64.rpm","SDL-help-1.2.15-39.oe1.x86_64.rpm","SDL-debugsource-1.2.15-39.oe1.x86_64.rpm","SDL-1.2.15-39.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1426"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7572"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7574"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7575"}],"database_specific":{"severity":"High"}}