PT-2019-6337 · Simple Directmedia Layer · Sdl

Quang Nguyen · Published 2019-02-25 · Updated 2025-07-03 · CVE-2019-13626

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

SDL (Simple DirectMedia Layer) versions 2.x through 2.0.9

Description

The issue is related to a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in the IMA_ADPCM_decode() function in audio/SDL_wave.c. This can be exploited by a remote attacker using a specially crafted file, potentially leading to a denial of service.

Recommendations

For versions 2.x through 2.0.9, consider disabling the IMA_ADPCM_decode() function as a temporary workaround until a patch is available. Restrict access to the audio/SDL_wave.c component to minimize the risk of exploitation. Avoid using the Fill_IMA_ADPCM_block function in the affected SDL versions until the issue is resolved.

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2019-2572
ALT-PU-2019-3262
BDU:2023-02638
CVE-2019-13626
DLA-3314-1
OPENSUSE-SU-2019:2224-1
OPENSUSE-SU-2019:2226-1
OPENSUSE-SU-2019_2224-1
OPENSUSE-SU-2019_2226-1
OPENSUSE-SU-2024:10607-1
OPENSUSE-SU-2025:15206-1
SUSE-SU-2019:2463-1
SUSE-SU-2019:2463-2

Affected Products

Alt Linux
Astra Linux
Sdl
Suse