Vulnerability - CVE-2019-7578

›

›vulnerability›CVE-2019-7578

Name

CVE-2019-7578

Source

NVD ( link)Debian ( link)

Description

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.

CWEs

Published Date

Feb 7, 2019

Updated Date

Jun 17, 2026

Workaround

-

Advisories

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.htmlMailing List

https://bugzilla.libsdl.org/show_bug.cgi?id=4494Exploit

https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720Vendor Advisory

https://lists.debian.org/debian-lts-announce/2019/03/msg00015.htmlMailing List

https://lists.debian.org/debian-lts-announce/2019/03/msg00016.htmlMailing List

https://lists.debian.org/debian-lts-announce/2019/10/msg00020.htmlMailing List

https://lists.debian.org/debian-lts-announce/2019/10/msg00021.htmlMailing List

https://lists.debian.org/debian-lts-announce/2021/01/msg00024.htmlMailing List

https://lists.debian.org/debian-lts-announce/2021/10/msg00032.htmlMailing List

https://security.gentoo.org/glsa/201909-07Third Party Advisory

https://usn.ubuntu.com/4156-1/Third Party Advisory

https://usn.ubuntu.com/4156-2/Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.htmlMailing List

https://bugzilla.libsdl.org/show_bug.cgi?id=4494Exploit

https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720Vendor Advisory

https://lists.debian.org/debian-lts-announce/2019/03/msg00015.htmlMailing List

https://lists.debian.org/debian-lts-announce/2019/03/msg00016.htmlMailing List

https://lists.debian.org/debian-lts-announce/2019/10/msg00020.htmlMailing List

https://lists.debian.org/debian-lts-announce/2019/10/msg00021.htmlMailing List

https://lists.debian.org/debian-lts-announce/2021/01/msg00024.htmlMailing List

https://lists.debian.org/debian-lts-announce/2021/10/msg00032.htmlMailing List

https://security.gentoo.org/glsa/201909-07Third Party Advisory

https://usn.ubuntu.com/4156-1/Third Party Advisory

https://usn.ubuntu.com/4156-2/Third Party Advisory

Analysis#

Affected Component

Analysis

Vulnerability Ratings#

8.1

CVSSv31

5.8

CVSSv2

Others affected components#

Name

Project

Project Version

Version

Status

buildroot

2025.02.x

1.2.15

Exploitable

buildroot

2025.02.x

2.30.12

Not Affected

buildroot

master

1.2.15

Exploitable

buildroot

master

2.32.10

Not Affected

yocto

master

1.2.15

Exploitable

yocto

master

2.32.10

Not Affected

yocto

scarthgap

1.2.15

Exploitable

yocto

scarthgap

2.30.1

Not Affected