PT-2019-5614 · Simple Directmedia Layer+6 · Sdl+6

Radue

·

Published

2019-02-05

·

Updated

2023-05-03

·

CVE-2019-7576

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions SDL (Simple DirectMedia Layer) versions 1.2.15 and earlier SDL (Simple DirectMedia Layer) versions 2.0.9 and earlier
Description The issue is related to a heap-based buffer over-read in the InitMS ADPCM function in audio/SDL wave.c, outside the wNumCoef loop. This can potentially allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations For SDL (Simple DirectMedia Layer) versions 1.2.15 and earlier, update to a version later than 1.2.15 to resolve the issue. For SDL (Simple DirectMedia Layer) versions 2.0.9 and earlier, update to a version later than 2.0.9 to resolve the issue. As a temporary workaround, consider disabling the InitMS ADPCM function in audio/SDL wave.c until a patch is available.

Exploit

Fix

Out of bounds Read

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2019-2572
ALT-PU-2019-3262
BDU:2020-04702
CESA-2020_3868
CESA-2020_4627
CVE-2019-7576
DLA-1713-1
DLA-1713-2
DLA-1714-1
DLA-1714-2
DLA-2804-1
DLA-3314-1
MGASA-2019-0239
OPENSUSE-SU-2019:1223-1
OPENSUSE-SU-2019:1261-1
OPENSUSE-SU-2019_1213-1
OPENSUSE-SU-2019_1223-1
OPENSUSE-SU-2019_1261-1
RHSA-2020:3868
RHSA-2020:4627
RHSA-2020_3868
RHSA-2020_4627
SUSE-SU-2019:0899-1
SUSE-SU-2019:0917-1
SUSE-SU-2019:0950-1
SUSE-SU-2019:13998-1
SUSE-SU-2019_13998-1
USN-4156-1
USN-4156-2

Affected Products

Alt Linux
Astra Linux
Centos
Red Hat
Sdl
Suse
Ubuntu