ID CVE-2019-7575
Summary SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.
References
Vulnerable Configurations
  • cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:libsdl:simple_directmedia_layer:2.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:libsdl:simple_directmedia_layer:1.2.12:*:*:*:*:*:*:*
    cpe:2.3:a:libsdl:simple_directmedia_layer:1.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:libsdl:simple_directmedia_layer:1.2.12-1:*:*:*:*:*:*:*
    cpe:2.3:a:libsdl:simple_directmedia_layer:1.2.12-1:*:*:*:*:*:*:*
  • cpe:2.3:a:libsdl:simple_directmedia_layer:1.2.13:*:*:*:*:*:*:*
    cpe:2.3:a:libsdl:simple_directmedia_layer:1.2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:libsdl:simple_directmedia_layer:1.2.13-1:*:*:*:*:*:*:*
    cpe:2.3:a:libsdl:simple_directmedia_layer:1.2.13-1:*:*:*:*:*:*:*
  • cpe:2.3:a:libsdl:simple_directmedia_layer:1.2.14:*:*:*:*:*:*:*
    cpe:2.3:a:libsdl:simple_directmedia_layer:1.2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:libsdl:simple_directmedia_layer:1.2.14-1:*:*:*:*:*:*:*
    cpe:2.3:a:libsdl:simple_directmedia_layer:1.2.14-1:*:*:*:*:*:*:*
  • cpe:2.3:a:libsdl:simple_directmedia_layer:1.2.15:*:*:*:*:*:*:*
    cpe:2.3:a:libsdl:simple_directmedia_layer:1.2.15:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
CVSS
Base: 6.8 (as of 03-05-2023 - 12:15)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
rpms
  • SDL-0:1.2.15-17.el7
  • SDL-debuginfo-0:1.2.15-17.el7
  • SDL-devel-0:1.2.15-17.el7
  • SDL-static-0:1.2.15-17.el7
  • SDL-0:1.2.15-38.el8
  • SDL-debuginfo-0:1.2.15-38.el8
  • SDL-debugsource-0:1.2.15-38.el8
  • SDL-devel-0:1.2.15-38.el8
refmap via4
fedora FEDORA-2020-24652fe41c
gentoo GLSA-201909-07
misc
mlist
  • [debian-lts-announce] 20190313 [SECURITY] [DLA 1713-1] libsdl1.2 security update
  • [debian-lts-announce] 20190313 [SECURITY] [DLA 1714-1] libsdl2 security update
  • [debian-lts-announce] 20191017 [SECURITY] [DLA 1713-2] libsdl1.2 regression update
  • [debian-lts-announce] 20191017 [SECURITY] [DLA 1714-2] libsdl2 regression update
suse
  • openSUSE-SU-2019:1213
  • openSUSE-SU-2019:1223
  • openSUSE-SU-2019:1261
ubuntu
  • USN-4156-1
  • USN-4156-2
Last major update 03-05-2023 - 12:15
Published 07-02-2019 - 07:29
Last modified 03-05-2023 - 12:15
Back to Top