SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in FillIMAADPCMblock, caused by an integer overflow in IMAADPCMdecode() in audio/SDLwave.c.
{ "urgency": "not yet assigned" }