{"id":"CVE-2019-13626","details":"SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.","modified":"2026-03-12T23:00:21.195931Z","published":"2019-07-17T16:15:12.787Z","related":["SUSE-SU-2019:2463-1","SUSE-SU-2019:2463-2","openSUSE-SU-2019:2224-1","openSUSE-SU-2019:2226-1","openSUSE-SU-2024:10607-1","openSUSE-SU-2025:15206-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00093.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00094.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201909-07"},{"type":"REPORT","url":"https://bugzilla.libsdl.org/show_bug.cgi?id=4522"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-13626.json","unresolved_ranges":[{"events":[{"introduced":"2.0.0"},{"last_affected":"2.0.9"}]},{"events":[{"introduced":"0"},{"last_affected":"31"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}