Vulnerability - CVE-2019-7576

›

›vulnerability›CVE-2019-7576

Name

CVE-2019-7576

Source

NVD ( link)Debian ( link)

Description

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).

CWEs

Published Date

Feb 7, 2019

Updated Date

Jun 17, 2026

Workaround

-

Advisories

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.htmlMailing List

https://bugzilla.libsdl.org/show_bug.cgi?id=4490Exploit

https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720Vendor Advisory

https://lists.debian.org/debian-lts-announce/2019/03/msg00015.htmlMailing List

https://lists.debian.org/debian-lts-announce/2019/03/msg00016.htmlMailing List

https://lists.debian.org/debian-lts-announce/2019/10/msg00020.htmlMailing List

https://lists.debian.org/debian-lts-announce/2019/10/msg00021.htmlMailing List

https://lists.debian.org/debian-lts-announce/2021/10/msg00032.htmlMailing List

https://security.gentoo.org/glsa/201909-07Third Party Advisory

https://usn.ubuntu.com/4156-1/Third Party Advisory

https://usn.ubuntu.com/4156-2/Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.htmlMailing List

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.htmlMailing List

https://bugzilla.libsdl.org/show_bug.cgi?id=4490Exploit

https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720Vendor Advisory

https://lists.debian.org/debian-lts-announce/2019/03/msg00015.htmlMailing List

https://lists.debian.org/debian-lts-announce/2019/03/msg00016.htmlMailing List

https://lists.debian.org/debian-lts-announce/2019/10/msg00020.htmlMailing List

https://lists.debian.org/debian-lts-announce/2019/10/msg00021.htmlMailing List

https://lists.debian.org/debian-lts-announce/2021/10/msg00032.htmlMailing List

https://security.gentoo.org/glsa/201909-07Third Party Advisory

https://usn.ubuntu.com/4156-1/Third Party Advisory

https://usn.ubuntu.com/4156-2/Third Party Advisory

Analysis#

Affected Component

Analysis

Vulnerability Ratings#

8.8

CVSSv31

6.8

CVSSv2

Others affected components#

Name

Project

Project Version

Version

Status

buildroot

2025.02.x

1.2.15

Exploitable

buildroot

2025.02.x

2.30.12

Not Affected

buildroot

master

1.2.15

Exploitable

buildroot

master

2.32.10

Not Affected

yocto

kirkstone

1.2.15

Exploitable

yocto

kirkstone

2.0.20

Not Affected

yocto

master

1.2.15

Exploitable

yocto

master

2.32.10

Not Affected