Описание
SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.
An out-of-bounds read flaw was discovered in SDL2, in the way that WAVE files are loaded through the SDL_LoadWAV_RW function. An application that uses SDL2 and loads untrusted input files may be vulnerable to this flaw. An attacker can abuse this flaw to crash the application or to leak data from the application's memory.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | SDL | Not affected | ||
| Red Hat Enterprise Linux 6 | SDL | Not affected | ||
| Red Hat Enterprise Linux 7 | SDL | Not affected | ||
| Red Hat Enterprise Linux 8 | SDL | Not affected |
Показывать по
Дополнительная информация
Статус:
6.5 Medium
CVSS3
Связанные уязвимости
SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.
SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.
SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buff ...
SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.
Уязвимость функции IMA_ADPCM_decode() компонента audio/SDL_wave.c мультимедийной библиотеки Simple DirectMedia Layer, позволяющая нарушителю вызвать отказ в обслуживании
6.5 Medium
CVSS3