Radue

**Name of the Vulnerable Software and Affected Versions** Simple DirectMedia Layer versions 1.2.15 and earlier Simple DirectMedia Layer versions 2.x through 2.0.9 **Description** The issue is related to a heap-based buffer over-read in the `IMA ADPCM decode` function, located in `audio/SDL wave.c`, which can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Simple DirectMedia Layer versions 1.2.15 and earlier, update to a version later than 1.2.15. For Simple DirectMedia Layer versions 2.x through 2.0.9, update to a version later than 2.0.9. As a temporary workaround, consider disabling the `IMA ADPCM decode` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SDL (Simple DirectMedia Layer) versions 1.2.15 and earlier SDL (Simple DirectMedia Layer) versions 2.x through 2.0.9 **Description** The issue is related to a buffer over-read in the `IMA ADPCM nibble` function, located in `audio/SDL wave.c`, which can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For SDL (Simple DirectMedia Layer) versions 1.2.15 and earlier, consider updating to a version that fixes the buffer over-read issue in the `IMA ADPCM nibble` function. For SDL (Simple DirectMedia Layer) versions 2.x through 2.0.9, consider updating to a version that fixes the buffer over-read issue in the `IMA ADPCM nibble` function. As a temporary workaround, consider disabling the `IMA ADPCM nibble` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SDL versions 1.2.15 and earlier SDL versions 2.x through 2.0.9 **Description** The issue is related to a heap-based buffer overflow in the `MS ADPCM decode` function of the Simple DirectMedia Layer library, located in `audio/SDL wave.c`. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For SDL versions 1.2.15 and earlier, update to a version later than 1.2.15. For SDL versions 2.x through 2.0.9, update to a version later than 2.0.9. As a temporary workaround, consider disabling the `MS ADPCM decode` function in `audio/SDL wave.c` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SDL versions 1.2.15 and earlier SDL versions 2.0.9 and earlier **Description** The issue is related to a buffer over-read in the `SDL LoadWAV RW` function in the `audio/SDL wave.c` file of the Simple DirectMedia Layer library. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For SDL versions 1.2.15 and earlier, update to a version later than 1.2.15. For SDL versions 2.0.9 and earlier, update to a version later than 2.0.9. As a temporary workaround, consider restricting the use of the `SDL LoadWAV RW` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Simple DirectMedia Layer versions 1.2.15 and earlier Simple DirectMedia Layer versions 2.x through 2.0.9 **Description** The issue is related to a heap-based buffer over-read in the `InitIMA ADPCM` function in `audio/SDL wave.c` of the Simple DirectMedia Layer library. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For versions 1.2.15 and earlier, update to a version later than 1.2.15. For versions 2.x through 2.0.9, update to a version later than 2.0.9. As a temporary workaround, consider disabling the `InitIMA ADPCM` function in `audio/SDL wave.c` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SDL versions 1.2.0 through 1.2.15 SDL versions 2.0.0 through 2.0.9 **Description** The issue is related to a heap-based buffer over-read in the InitMS ADPCM function in the audio/SDL wave.c file of the Simple DirectMedia Layer library. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability is also associated with the wNumCoef function and involves reading beyond the boundaries of a data buffer. **Recommendations** For SDL versions 1.2.0 through 1.2.15, update to a version later than 1.2.15 to resolve the issue. For SDL versions 2.0.0 through 2.0.9, update to a version later than 2.0.9 to resolve the issue. As a temporary workaround, consider disabling the `InitMS ADPCM` function until a patch is available. Restrict access to the vulnerable `audio/SDL wave.c` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SDL (Simple DirectMedia Layer) versions 1.2.15 and earlier SDL (Simple DirectMedia Layer) versions 2.0.9 and earlier **Description** The issue is related to a heap-based buffer over-read in the `InitMS ADPCM` function in `audio/SDL wave.c`, outside the `wNumCoef` loop. This can potentially allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For SDL (Simple DirectMedia Layer) versions 1.2.15 and earlier, update to a version later than 1.2.15 to resolve the issue. For SDL (Simple DirectMedia Layer) versions 2.0.9 and earlier, update to a version later than 2.0.9 to resolve the issue. As a temporary workaround, consider disabling the `InitMS ADPCM` function in `audio/SDL wave.c` until a patch is available.