CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-2476 – Ubuntu Security Notice USN-5721-1
https://notcve.org/view.php?id=CVE-2022-2476
19 Jul 2022 — A null pointer dereference bug was found in wavpack-5.4.0 The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ===================================================================84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x561b47a970c6 bp 0x7fff13952fb0 sp 0x7fff1394fca0 T0) ==84257==The signal is caused by a WRITE memory access. ==84257==Hint: address points to the zero page. #0 0x561b47a970c5 in main cli/wvunpack.c:834 #1 0x7efc4f5c0082 in __libc_start_main (/lib/x8... • https://github.com/dbry/WavPack/issues/121 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-44269 – wavpack: Heap out-of-bounds read in WavpackPackSamples()
https://notcve.org/view.php?id=CVE-2021-44269
10 Mar 2022 — An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV files. This issue triggered in function WavpackPackSamples of file src/pack_utils.c, tainted variable cnt is too large, that makes pointer sptr read beyond heap bound. Se encontró una lectura fuera de límites en Wavpack versión 5.4.0, al procesar archivos *.WAV. Este problema es desencadenado en la función WavpackPackSamples del archivo src/pack_utils.c, la variable tainted cnt es demasiado grande, lo que hace que el puntero sptr sea leído... • https://github.com/dbry/WavPack/issues/110 • CWE-125: Out-of-bounds Read •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1CVE-2020-35738 – Ubuntu Security Notice USN-4682-1
https://notcve.org/view.php?id=CVE-2020-35738
28 Dec 2020 — WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" releases through 5.3.2, which are also affected. WavPack versión 5.3.0, presenta una escritura fuera de límites en la función WavpackPackSamples en el archivo pack_utils.c debido a un desbordamiento de enteros en un argumento malloc. NOTA: algunos terceros afirman que existen versiones "unofficial" posteriore... • https://github.com/dbry/WavPack/issues/91 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-1010315 – wavpack: Divide by zero in ParseDsdiffHeaderConfig leads to crash
https://notcve.org/view.php?id=CVE-2019-1010315
11 Jul 2019 — WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig (dsdiff.c:282). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc. • https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 1%CPEs: 7EXPL: 1CVE-2019-1010317 – wavpack: Use of uninitialized variable in ParseCaffHeaderConfig leads to DoS
https://notcve.org/view.php?id=CVE-2019-1010317
11 Jul 2019 — WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b. • https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b • CWE-457: Use of Uninitialized Variable CWE-665: Improper Initialization CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 1%CPEs: 7EXPL: 1CVE-2019-1010319 – wavpack: Use of uninitialized variable in ParseWave64HeaderConfig leads to DoS
https://notcve.org/view.php?id=CVE-2019-1010319
11 Jul 2019 — WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe. • https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe • CWE-369: Divide By Zero CWE-457: Use of Uninitialized Variable CWE-908: Use of Uninitialized Resource •
CVSS: 6.5EPSS: 1%CPEs: 8EXPL: 1CVE-2019-11498 – wavpack: Use of uninitialized variable in WavpackSetConfiguration64 leads to DoS
https://notcve.org/view.php?id=CVE-2019-11498
24 Apr 2019 — WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data. WavpackSetConfiguration64, en pack_utils.c, en libwavpack.a, en WavPack hasta la versión 5.1.0, tiene una condición "Conditional jump or move depends on uninitialised value", que podría permitir a los atacantes causar una deneg... • https://github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4 • CWE-456: Missing Initialization of a Variable CWE-824: Access of Uninitialized Pointer •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2018-19840 – wawpack: Infinite loop in WavpackPackInit function lead to DoS
https://notcve.org/view.php?id=CVE-2018-19840
04 Dec 2018 — The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero. La función WavpackPackInit en pack_utils.c en libwavpack.a en WavPack hasta la versión 5.1.0 permite que los atacantes provoquen una denegación de servicio (agotamiento de recursos provocado por un bucle infinito) mediante un archivo ... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00029.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 1CVE-2018-19841 – wawpack: Out-of-bounds read in WavpackVerifySingleBlock function leads to DoS
https://notcve.org/view.php?id=CVE-2018-19841
04 Dec 2018 — The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack. La función WavpackVerifySingleBlock en open_utils.c en libwavpack.a en WavPack hasta la versión 5.1.0 permite que los atacantes provoquen una denegación de servicio (lectura fuera de límites y cierre inesperado de la aplicación) mediante un archivo WavPack... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00029.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0CVE-2018-10536 – Slackware Security Advisory - wavpack Updates
https://notcve.org/view.php?id=CVE-2018-10536
29 Apr 2018 — An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks. Se ha descubierto un problema en WavPack 5.1.0 y anteriores. El componente de analizador WAV contiene una vulnerabilidad que permite la escritura en la memoria debido a que ParseRiffHeaderConfig en riff.c no rechaza múltiples fragmentos de formato. Thuan Pham, Marcel Bohme, Andrew Santosa and Alex... • http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html • CWE-787: Out-of-bounds Write •