PT-2019-5616 · Sdl+6 · Simple Directmedia Layer+6

Radue

Publicado

2019-02-06

Atualizado

2025-07-03

CVE-2019-7578

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Simple DirectMedia Layer versions 1.2.15 and earlier Simple DirectMedia Layer versions 2.x through 2.0.9

Description The issue is related to a heap-based buffer over-read in the InitIMA ADPCM function in audio/SDL wave.c of the Simple DirectMedia Layer library. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For versions 1.2.15 and earlier, update to a version later than 1.2.15. For versions 2.x through 2.0.9, update to a version later than 2.0.9. As a temporary workaround, consider disabling the InitIMA ADPCM function in audio/SDL wave.c until a patch is available.

Exploit

Correção

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

ALT-PU-2019-2572

ALT-PU-2019-3262

BDU:2020-04704

CESA-2020_3868

CESA-2020_4627

CVE-2019-7578

DLA-1713-1

DLA-1713-2

DLA-1714-1

DLA-1714-2

DLA-2536-1

DLA-2804-1

DLA-3314-1

MGASA-2019-0239

OPENSUSE-SU-2019:1223-1

OPENSUSE-SU-2019:1261-1

OPENSUSE-SU-2019_1213-1

OPENSUSE-SU-2019_1223-1

OPENSUSE-SU-2019_1261-1

OPENSUSE-SU-2024:10606-1

OPENSUSE-SU-2024:13582-1

OPENSUSE-SU-2025:15205-1

OPENSUSE-SU-2025:15206-1

RHSA-2020:3868

RHSA-2020:4627

RHSA-2020_3868

RHSA-2020_4627

SUSE-SU-2019:0899-1

SUSE-SU-2019:0917-1

SUSE-SU-2019:0950-1

SUSE-SU-2019:13998-1

SUSE-SU-2019_13998-1

USN-4156-1

USN-4156-2

Produtos afetados

Alt Linux

Astra Linux

Centos

Red Hat

Simple Directmedia Layer

Suse

Ubuntu

PT-2019-5616 · Sdl+6 · Simple Directmedia Layer+6

CVE-2019-7578

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 118