PT-2019-6337 · Simple Directmedia Layer+3 · Sdl+3

Quang Nguyen · Published 2019-02-25 · Updated 2025-07-03 · CVE-2019-13626

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

SDL (Simple DirectMedia Layer) versions 2.x through 2.0.9

Description

The issue is a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in the IMA_ADPCM_decode() function in audio/SDL_wave.c. A remote attacker can exploit it using a specially crafted file, potentially leading to a denial of service.

Recommendations

For versions 2.x through 2.0.9, consider disabling the IMA_ADPCM_decode() function as a temporary workaround until a patch is available. Restrict access to the audio/SDL_wave.c component to minimize the risk of exploitation. Avoid using the Fill_IMA_ADPCM_block function in the affected SDL versions until the issue is resolved.

Exploit

Fix

Out-of-bounds Read


Weakness Enumeration

Related Identifiers

ALT-PU-2019-2572
ALT-PU-2019-3262
BDU:2023-02638
CVE-2019-13626
DLA-3314-1
OPENSUSE-SU-2019:2224-1
OPENSUSE-SU-2019:2226-1
OPENSUSE-SU-2019_2224-1
OPENSUSE-SU-2019_2226-1
OPENSUSE-SU-2024:10607-1
OPENSUSE-SU-2025:15206-1
SUSE-SU-2019:2463-1
SUSE-SU-2019:2463-2

Affected Products

Alt Linux
Astra Linux
Sdl
Suse