CVE-2019-7573

HIGH

8.8

CVSS Severity Score

EPSS Score0.0510%

EPSS Percentile34.39th

PublishedFeb 7, 2019

Last ModifiedNov 21, 2024

Vulnerability Description

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).

Affected Platforms (CPE)

📦

Libsdl

Simple Directmedia Layer

<= 1.2.15

📦

Libsdl

Simple Directmedia Layer

>= 2.0.0 and <= 2.0.9

💻

Debian

Debian Linux

= 8.0

💻

Debian

Debian Linux

= 9.0

💻

Opensuse

Leap

= 15.0

💻

Opensuse

Leap

= 42.3

💻

Fedoraproject

Fedora

= 31

💻

Canonical

Ubuntu Linux

= 12.04

💻

Canonical

Ubuntu Linux

= 14.04

💻

Canonical

Ubuntu Linux

= 16.04

💻

Canonical

Ubuntu Linux

= 18.04

References & Advisories

🔗 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html

🔗 https://bugzilla.libsdl.org/show_bug.cgi?id=4491

🔗 https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720

🔗 https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html

🔗 https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html

🔗 https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html

Vulnerability Description

Affected Platforms (CPE)

Simple Directmedia Layer

Simple Directmedia Layer

Debian Linux

Debian Linux

Leap

Leap

Fedora

Ubuntu Linux

Ubuntu Linux

Ubuntu Linux

Ubuntu Linux

References & Advisories

Related Vulnerabilities