Vulnerability - CVE-2019-7572

›

›vulnerability›CVE-2019-7572

Name

CVE-2019-7572

Source

NVD ( link)Debian ( link)

Description

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.

CWEs

Published Date

Feb 7, 2019

Updated Date

Jun 17, 2026

Workaround

-

Advisories

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.htmlMailing List

https://bugzilla.libsdl.org/show_bug.cgi?id=4495Exploit

https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720Vendor Advisory

https://lists.debian.org/debian-lts-announce/2019/03/msg00015.htmlMailing List

https://lists.debian.org/debian-lts-announce/2019/03/msg00016.htmlMailing List

https://lists.debian.org/debian-lts-announce/2019/10/msg00020.htmlMailing List

https://lists.debian.org/debian-lts-announce/2019/10/msg00021.htmlMailing List

https://lists.debian.org/debian-lts-announce/2021/10/msg00032.htmlMailing List

https://security.gentoo.org/glsa/201909-07Third Party Advisory

https://usn.ubuntu.com/4156-1/Third Party Advisory

https://usn.ubuntu.com/4156-2/Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.htmlMailing List

https://bugzilla.libsdl.org/show_bug.cgi?id=4495Exploit

https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720Vendor Advisory

https://lists.debian.org/debian-lts-announce/2019/03/msg00015.htmlMailing List

https://lists.debian.org/debian-lts-announce/2019/03/msg00016.htmlMailing List

https://lists.debian.org/debian-lts-announce/2019/10/msg00020.htmlMailing List

https://lists.debian.org/debian-lts-announce/2019/10/msg00021.htmlMailing List

https://lists.debian.org/debian-lts-announce/2021/10/msg00032.htmlMailing List

https://security.gentoo.org/glsa/201909-07Third Party Advisory

https://usn.ubuntu.com/4156-1/Third Party Advisory

https://usn.ubuntu.com/4156-2/Third Party Advisory

Analysis#

Affected Component

Analysis

Vulnerability Ratings#

8.8

CVSSv31

6.8

CVSSv2

Others affected components#

Name

Project

Project Version

Version

Status

buildroot

2025.02.x

1.2.15

Exploitable

buildroot

2025.02.x

2.30.12

Not Affected

buildroot

master

1.2.15

Exploitable

buildroot

master

2.32.10

Not Affected

yocto

master

1.2.15

Exploitable

yocto

master

2.32.10

Not Affected

yocto

scarthgap

1.2.15

Exploitable

yocto

scarthgap

2.30.1

Not Affected