CVE-2019-7572 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Arbitrary code execution
Description	SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-891	sdl2	2.0.9-1	2.0.10-1	High	Fixed
AVG-890	sdl	1.2.15-10	1.2.15-13	High	Fixed

Date	Advisory	Group	Package	Severity	Type
11 Oct 2019	ASA-201910-8	AVG-890	sdl	High	arbitrary code execution
05 Aug 2019	ASA-201908-5	AVG-891	sdl2	High	arbitrary code execution

References
https://bugzilla.libsdl.org/show_bug.cgi?id=4495 https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15-and-sdl2/25720 https://hg.libsdl.org/SDL/rev/e52413f52586 https://hg.libsdl.org/SDL/rev/a8afedbcaea0

References

https://bugzilla.libsdl.org/show_bug.cgi?id=4495
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15-and-sdl2/25720
https://hg.libsdl.org/SDL/rev/e52413f52586
https://hg.libsdl.org/SDL/rev/a8afedbcaea0