PT-2019-5611 · Simple Directmedia Layer+6 · Sdl+6

Radue

·

Published

2019-02-06

·

Updated

2025-07-03

·

CVE-2019-7572

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions SDL (Simple DirectMedia Layer) versions 1.2.15 and earlier SDL (Simple DirectMedia Layer) versions 2.x through 2.0.9
Description The issue is related to a buffer over-read in the IMA ADPCM nibble function, located in audio/SDL wave.c, which can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations For SDL (Simple DirectMedia Layer) versions 1.2.15 and earlier, consider updating to a version that fixes the buffer over-read issue in the IMA ADPCM nibble function. For SDL (Simple DirectMedia Layer) versions 2.x through 2.0.9, consider updating to a version that fixes the buffer over-read issue in the IMA ADPCM nibble function. As a temporary workaround, consider disabling the IMA ADPCM nibble function until a patch is available.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2019-2572
ALT-PU-2019-3262
BDU:2020-04698
CESA-2020_3868
CESA-2020_4627
CVE-2019-7572
DLA-1713-1
DLA-1713-2
DLA-1714-1
DLA-1714-2
DLA-2804-1
DLA-3314-1
MGASA-2019-0127
MGASA-2019-0239
OESA-2021-1426
OPENSUSE-SU-2019:1223-1
OPENSUSE-SU-2019:1261-1
OPENSUSE-SU-2019_1213-1
OPENSUSE-SU-2019_1223-1
OPENSUSE-SU-2019_1261-1
OPENSUSE-SU-2024:10606-1
OPENSUSE-SU-2024:13582-1
OPENSUSE-SU-2025:15205-1
OPENSUSE-SU-2025:15206-1
RHSA-2020:3868
RHSA-2020:4627
RHSA-2020_3868
RHSA-2020_4627
SUSE-SU-2019:0899-1
SUSE-SU-2019:0917-1
SUSE-SU-2019:0950-1
SUSE-SU-2019:13998-1
SUSE-SU-2019_0899-1
SUSE-SU-2019_0917-1
SUSE-SU-2019_0950-1
SUSE-SU-2019_13998-1
USN-4156-1
USN-4156-2

Affected Products

Alt Linux
Astra Linux
Centos
Red Hat
Sdl
Suse
Ubuntu