CVE-2019-7573 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Arbitrary code execution
Description	SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-891	sdl2	2.0.9-1	2.0.10-1	High	Fixed
AVG-890	sdl	1.2.15-10	1.2.15-13	High	Fixed

Date	Advisory	Group	Package	Severity	Type
11 Oct 2019	ASA-201910-8	AVG-890	sdl	High	arbitrary code execution
05 Aug 2019	ASA-201908-5	AVG-891	sdl2	High	arbitrary code execution

References
https://bugzilla.libsdl.org/show_bug.cgi?id=4491 https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15-and-sdl2/25720 https://hg.libsdl.org/SDL/rev/388987dff7bf https://hg.libsdl.org/SDL/rev/f9a9d6c76b21

References

https://bugzilla.libsdl.org/show_bug.cgi?id=4491
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15-and-sdl2/25720
https://hg.libsdl.org/SDL/rev/388987dff7bf
https://hg.libsdl.org/SDL/rev/f9a9d6c76b21

Notes
Upstream states that the fix is similar to the one for CVE-2019-7578.