Vulnerability - CVE-2019-7572

›

›vulnerability›CVE-2019-7572

Name

CVE-2019-7572

Source

NVD ( link)Debian ( link)

Description

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.

CWEs

Published Date

Feb 7, 2019

Updated Date

Jun 17, 2026

Workaround

-

Advisories

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.htmlMailing List

https://bugzilla.libsdl.org/show_bug.cgi?id=4495Exploit

https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720Vendor Advisory

https://lists.debian.org/debian-lts-announce/2019/03/msg00015.htmlMailing List

https://lists.debian.org/debian-lts-announce/2019/03/msg00016.htmlMailing List

https://lists.debian.org/debian-lts-announce/2019/10/msg00020.htmlMailing List

https://lists.debian.org/debian-lts-announce/2019/10/msg00021.htmlMailing List

https://lists.debian.org/debian-lts-announce/2021/10/msg00032.htmlMailing List

https://security.gentoo.org/glsa/201909-07Third Party Advisory

https://usn.ubuntu.com/4156-1/Third Party Advisory

https://usn.ubuntu.com/4156-2/Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.htmlMailing List

https://bugzilla.libsdl.org/show_bug.cgi?id=4495Exploit

https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720Vendor Advisory

https://lists.debian.org/debian-lts-announce/2019/03/msg00015.htmlMailing List

https://lists.debian.org/debian-lts-announce/2019/03/msg00016.htmlMailing List

https://lists.debian.org/debian-lts-announce/2019/10/msg00020.htmlMailing List

https://lists.debian.org/debian-lts-announce/2019/10/msg00021.htmlMailing List

https://lists.debian.org/debian-lts-announce/2021/10/msg00032.htmlMailing List

https://security.gentoo.org/glsa/201909-07Third Party Advisory

https://usn.ubuntu.com/4156-1/Third Party Advisory

https://usn.ubuntu.com/4156-2/Third Party Advisory

Analysis#

Affected Component

Analysis

Vulnerability Ratings#

8.8

CVSSv31

6.8

CVSSv2

Others affected components#

Name

Project

Project Version

Version

Status

buildroot

2025.02.x

1.2.15

Exploitable

buildroot

2025.02.x

2.30.12

Not Affected

yocto

kirkstone

2.0.20

Not Affected

yocto

master

2.32.10

Not Affected

yocto

scarthgap

2.30.1

Not Affected