CVE-2022-2476
https://notcve.org/view.php?id=CVE-2022-2476
A null pointer dereference bug was found in wavpack-5.4.0. The results from the ASAN log:
AddressSanitizer:DEADLYSIGNAL
=================================================================
==84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x561b47a970c6 bp 0x7fff13952fb0 sp 0x7fff1394fca0 T0)
==84257==The signal is caused by a WRITE memory access.
==84257==Hint: address points to the zero page.
    #0 0x561b47a970c5 in main cli/wvunpack.c:834
    #1 0x7efc4f5c0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
    #2 0x561b47a945ed in _start (/usr/local/bin/wvunpack+0xa5ed)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV cli/wvunpack.c:834 in main
==84257==ABORTING
• https://github.com/dbry/WavPack/issues/121
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CK45CC7MQ54SHEIJ63PW3HP4BCPTX6QP
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMIXZWB3OURGBAEU3T5HQY56BN2ZVLYF
• CWE-476: NULL Pointer Dereference
CVE-2021-44269 – wavpack: Heap out-of-bounds read in WavpackPackSamples()
https://notcve.org/view.php?id=CVE-2021-44269
An out-of-bounds read was found in Wavpack 5.4.0 when processing *.WAV files. The issue is triggered in function WavpackPackSamples of file src/pack_utils.c: the tainted variable cnt is too large, which makes the pointer sptr read beyond the heap bound.
A heap out-of-bounds read flaw was found in WavPack's WavpackPackSamples() function in src/pack_utils.c; it affects only the command-line program of WavPack (not libwavpack). An attacker can trigger this flaw against a website that uses the WavPack command-line program on user-provided files, causing a denial of service.
• https://github.com/dbry/WavPack/issues/110
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2CZUFTX3J4Y4OSRITG4PXCI7NRVFDYVQ
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5B7L26LA6KGX7YH6SWD5CSBNWKV5MBO
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRZWZKEEABCLVXZEXQZBIT3ZKLIXVFF5
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I54NXQZELBF42OL4KQZJJRAYZX7IPZXP
• https://lists
• CWE-125: Out-of-bounds Read
CVE-2020-35738
https://notcve.org/view.php?id=CVE-2020-35738
WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" releases through 5.3.2, which are also affected.
• https://github.com/dbry/WavPack/issues/91
• https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2YZLKYE66EU4XRHTABV5LB2G7ZDZ422F
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/76B7K6F74FDQATG7FECXR5KPIG52O2VL
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PENN4ZXRPZULEJOYTTLUZMBZ5H46QTUC
• https://lists.fedoraproject.org/archives/list/package-annou
• CWE-190: Integer Overflow or Wraparound
• CWE-787: Out-of-bounds Write
CVE-2019-1010315 – wavpack: Divide by zero in ParseDsdiffHeaderConfig leads to crash
https://notcve.org/view.php?id=CVE-2019-1010315
WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig (dsdiff.c:282). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc.
• https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc
• https://github.com/dbry/WavPack/issues/65
• https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH
• https://usn.ubuntu.com/4062-1
• https://access.redhat.com/security/cve/CVE-2019-1010315
• https
• CWE-369: Divide By Zero
CVE-2019-1010317 – wavpack: Use of uninitialized variable in ParseCaffHeaderConfig leads to DoS
https://notcve.org/view.php?id=CVE-2019-1010317
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b.
• https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b
• https://github.com/dbry/WavPack/issues/66
• https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IX3J2JML5A7KC2B
• CWE-457: Use of Uninitialized Variable
• CWE-665: Improper Initialization
• CWE-908: Use of Uninitialized Resource