CVE-2019-7573Out-of-bounds Read in Simple Directmedia Layer

CWE-125Out-of-bounds ReadCWE-122Heap-based Buffer Overflow11 documents8 sources
Severity
8.8HIGHNVD
EPSS
8.5%
top 7.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Libsdl Simple Directmedia LayerCanonical Ubuntu LinuxDebian Linux+2 more
Timeline
PublishedFeb 7
Latest updateMay 13

Description

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDlibsdl/simple_directmedia_layer2.0.02.0.9+1
NVDopensuse/leap15.0, 42.3+1

Also affects: Debian Linux 8.0, 9.0, Fedora 31, Ubuntu Linux 12.04, 14.04, 16.04, 18.04

🔴Vulnerability Details

3
GHSA
GHSA-645c-jj5m-8j69: SDL (Simple DirectMedia Layer) through 12022-05-13
CVEList
CVE-2019-7573: SDL (Simple DirectMedia Layer) through 12019-02-07
OSV
CVE-2019-7573: SDL (Simple DirectMedia Layer) through 12019-02-07

📋Vendor Advisories

4
Ubuntu
SDL vulnerabilities2019-10-16
Ubuntu
SDL vulnerabilities2019-10-15
Red Hat
SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c2019-02-06
Debian
CVE-2019-7573: libsdl1.2 - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-b...2019

💬Community

3
Bugzilla
CVE-2019-3871 pdns: insufficient validation of data when building a HTTP request from a DNS query2019-03-14
Bugzilla
CVE-2019-7573 SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c2019-02-13
Bugzilla
CVE-2019-7573 SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c [fedora-all]2019-02-13
CVE-2019-7573 — Out-of-bounds Read | cvebase