CVE-2019-7576

HIGH

SDL <2.0.10 - Buffer Overflow

Title source: llm

Description

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).

References (16)

Core 16

Core References

Mailing List, Third Party Advisory mailing-list

https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html

Mailing List, Third Party Advisory mailing-list

https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html

Mailing List, Third Party Advisory vendor-advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html

Mailing List, Third Party Advisory vendor-advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html

Mailing List, Third Party Advisory vendor-advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html

Third Party Advisory vendor-advisory

https://security.gentoo.org/glsa/201909-07

Third Party Advisory vendor-advisory

https://usn.ubuntu.com/4156-1/

Third Party Advisory vendor-advisory

https://usn.ubuntu.com/4156-2/

Mailing List, Third Party Advisory mailing-list

https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html

Mailing List, Third Party Advisory mailing-list

https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html

Mailing List, Third Party Advisory vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/

Mailing List, Third Party Advisory mailing-list

https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html

Mailing List mailing-list

https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html

Third Party Advisory vendor-advisory

https://security.gentoo.org/glsa/202305-17

Exploit, Issue Tracking, Vendor Advisory

https://bugzilla.libsdl.org/show_bug.cgi?id=4490

Vendor Advisory

https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720

Scores

CVSS v3 8.8

EPSS 0.0901

EPSS Percentile 92.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-125

Status published

Products (10)

canonical/ubuntu_linux 12.04

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 18.04

debian/debian_linux 8.0

debian/debian_linux 9.0

fedoraproject/fedora 31

libsdl/simple_directmedia_layer < 1.2.15

opensuse/leap 15.0

opensuse/leap 42.3

Published Feb 07, 2019

Tracked Since Feb 18, 2026