Summary: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.Published: Thursday, February 7, 2019 - 02:29cvss: 6.8