CVE-2019-7573

Опубликовано: 07 фев. 2019

Источник: debian

EPSS Низкий

Описание

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libsdl1.2	fixed	1.2.15+dfsg2-5		package
libsdl1.2	fixed	1.2.15+dfsg2-4+deb10u1	buster	package
libsdl2	fixed	2.0.10+dfsg1-1		package
libsdl2	no-dsa		stretch	package

Примечания

https://bugzilla.libsdl.org/show_bug.cgi?id=4491
same patch as CVE-2019-7576
https://hg.libsdl.org/SDL/rev/fcbecae42795 (SDL-1.2)
SDL2 was probably fixed during a refactoring, no targeted fix available:
https://hg.libsdl.org/SDL/rev/b06fa7da012b (SDL-2)

EPSS

Процентиль: 92%

0.08471

Низкий

Связанные уязвимости

CVE-2019-7573

CVSS3: 8.8

ubuntu

около 7 лет назад

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).

CVE-2019-7573

CVSS3: 5.1

redhat

около 7 лет назад

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).

CVE-2019-7573

CVSS3: 8.8

nvd

около 7 лет назад

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).

GHSA-645c-jj5m-8j69

CVSS3: 8.8

github

больше 3 лет назад

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).

BDU:2020-04699

CVSS3: 6.3

fstec

около 7 лет назад

Уязвимость функции InitMS_ADPCM библиотеки Simple DirectMedia Layer, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 92%

0.08471

Низкий