CVE-2019-7576

Опубликовано: 07 фев. 2019

Источник: debian

Описание

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libsdl1.2	fixed	1.2.15+dfsg2-5		package
libsdl1.2	fixed	1.2.15+dfsg2-4+deb10u1	buster	package
libsdl2	fixed	2.0.10+dfsg1-1		package
libsdl2	no-dsa		stretch	package

Примечания

https://bugzilla.libsdl.org/show_bug.cgi?id=4490
Proposed patch: https://bugzilla.libsdl.org/attachment.cgi?id=3620&action=diff
very similar bug to CVE-2019-7573, fix for CVE-2019-7573 is applicable to this

Связанные уязвимости

CVE-2019-7576

CVSS3: 8.8

ubuntu

около 7 лет назад

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).

CVE-2019-7576

CVSS3: 5.1

redhat

около 7 лет назад

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).

CVE-2019-7576

CVSS3: 8.8

nvd

около 7 лет назад

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).

GHSA-ccrw-66xm-h3h8

CVSS3: 8.8

github

больше 3 лет назад

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).

BDU:2020-04702

CVSS3: 6.3

fstec

около 7 лет назад

Уязвимость функции InitMS_ADPCM библиотеки Simple DirectMedia Layer, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации