CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2019-1010319 – wavpack: Use of uninitialized variable in ParseWave64HeaderConfig leads to DoS
https://notcve.org/view.php?id=CVE-2019-1010319
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe. • https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe https://github.com/dbry/WavPack/issues/68 https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IX3J2JML5A7KC2B • CWE-369: Divide By Zero CWE-457: Use of Uninitialized Variable CWE-908: Use of Uninitialized Resource •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 1CVE-2019-11498 – wavpack: Use of uninitialized variable in WavpackSetConfiguration64 leads to DoS
https://notcve.org/view.php?id=CVE-2019-11498
WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data. WavpackSetConfiguration64, en pack_utils.c, en libwavpack.a, en WavPack hasta la versión 5.1.0, tiene una condición "Conditional jump or move depends on uninitialised value", que podría permitir a los atacantes causar una denegación de servicio (fallo de la aplicación) a través de un archivo DFF que carece de datos válidos sobre la velocidad de muestreo. • https://github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4 https://github.com/dbry/WavPack/issues/67 https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZDKXGA2ZNSSM64 • CWE-456: Missing Initialization of a Variable CWE-824: Access of Uninitialized Pointer •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 1CVE-2018-19841 – wawpack: Out-of-bounds read in WavpackVerifySingleBlock function leads to DoS
https://notcve.org/view.php?id=CVE-2018-19841
The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack. La función WavpackVerifySingleBlock en open_utils.c en libwavpack.a en WavPack hasta la versión 5.1.0 permite que los atacantes provoquen una denegación de servicio (lectura fuera de límites y cierre inesperado de la aplicación) mediante un archivo WavPack Lossless Audio manipulado, tal y como queda demostrado con wvunpack. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00029.html http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html https://github.com/dbry/WavPack/commit/bba5389dc598a92bdf2b297c3ea34620b6679b5b https://github.com/dbry/WavPack/issues/54 https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BLSOEVEKF4VNNVNZ2AN46BJUT4TGVWT https://lists.fedoraproject.org/archives/list/package • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2018-19840 – wawpack: Infinite loop in WavpackPackInit function lead to DoS
https://notcve.org/view.php?id=CVE-2018-19840
The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero. La función WavpackPackInit en pack_utils.c en libwavpack.a en WavPack hasta la versión 5.1.0 permite que los atacantes provoquen una denegación de servicio (agotamiento de recursos provocado por un bucle infinito) mediante un archivo de audio wav manipulado debido a que WavpackSetConfiguration64 gestiona erróneamente una tasa de ejemplo con valor cero. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00029.html http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html https://github.com/dbry/WavPack/commit/070ef6f138956d9ea9612e69586152339dbefe51 https://github.com/dbry/WavPack/issues/53 https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BLSOEVEKF4VNNVNZ2AN46BJUT4TGVWT https://lists.fedoraproject.org/archives/list/package • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-10537
https://notcve.org/view.php?id=CVE-2018-10537
An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks. Se ha descubierto un problema en WavPack 5.1.0 y anteriores. El componente de analizador W64 contiene una vulnerabilidad que permite la escritura en la memoria debido a que ParseWave64HeaderConfig en wave64.c no rechaza múltiples fragmentos de formato. • http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15 https://github.com/dbry/WavPack/issues/30 https://github.com/dbry/WavPack/issues/31 https://github.com/dbry/WavPack/issues/32 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKK • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •