CVE-2019-7573 log

Severity High
Remote Yes
Type Arbitrary code execution
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).
Group Package Affected Fixed Severity Status Ticket
AVG-891 sdl2 2.0.9-1 2.0.10-1 High Fixed
AVG-890 sdl 1.2.15-10 1.2.15-13 High Fixed
Date Advisory Group Package Severity Type
11 Oct 2019 ASA-201910-8 AVG-890 sdl High arbitrary code execution
05 Aug 2019 ASA-201908-5 AVG-891 sdl2 High arbitrary code execution
Upstream states that the fix is similar to the one for CVE-2019-7578.