CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-1010315 – wavpack: Divide by zero in ParseDsdiffHeaderConfig leads to crash
https://notcve.org/view.php?id=CVE-2019-1010315
11 Jul 2019 — WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig (dsdiff.c:282). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc. • https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 1%CPEs: 7EXPL: 1CVE-2019-1010317 – wavpack: Use of uninitialized variable in ParseCaffHeaderConfig leads to DoS
https://notcve.org/view.php?id=CVE-2019-1010317
11 Jul 2019 — WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b. • https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b • CWE-457: Use of Uninitialized Variable CWE-665: Improper Initialization CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 1%CPEs: 7EXPL: 1CVE-2019-1010319 – wavpack: Use of uninitialized variable in ParseWave64HeaderConfig leads to DoS
https://notcve.org/view.php?id=CVE-2019-1010319
11 Jul 2019 — WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe. • https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe • CWE-369: Divide By Zero CWE-457: Use of Uninitialized Variable CWE-908: Use of Uninitialized Resource •
CVSS: 6.5EPSS: 1%CPEs: 8EXPL: 1CVE-2019-11498 – wavpack: Use of uninitialized variable in WavpackSetConfiguration64 leads to DoS
https://notcve.org/view.php?id=CVE-2019-11498
24 Apr 2019 — WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data. WavpackSetConfiguration64, en pack_utils.c, en libwavpack.a, en WavPack hasta la versión 5.1.0, tiene una condición "Conditional jump or move depends on uninitialised value", que podría permitir a los atacantes causar una deneg... • https://github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4 • CWE-456: Missing Initialization of a Variable CWE-824: Access of Uninitialized Pointer •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2018-19840 – wawpack: Infinite loop in WavpackPackInit function lead to DoS
https://notcve.org/view.php?id=CVE-2018-19840
04 Dec 2018 — The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero. La función WavpackPackInit en pack_utils.c en libwavpack.a en WavPack hasta la versión 5.1.0 permite que los atacantes provoquen una denegación de servicio (agotamiento de recursos provocado por un bucle infinito) mediante un archivo ... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00029.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 1CVE-2018-19841 – wawpack: Out-of-bounds read in WavpackVerifySingleBlock function leads to DoS
https://notcve.org/view.php?id=CVE-2018-19841
04 Dec 2018 — The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack. La función WavpackVerifySingleBlock en open_utils.c en libwavpack.a en WavPack hasta la versión 5.1.0 permite que los atacantes provoquen una denegación de servicio (lectura fuera de límites y cierre inesperado de la aplicación) mediante un archivo WavPack... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00029.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0CVE-2018-10536 – Slackware Security Advisory - wavpack Updates
https://notcve.org/view.php?id=CVE-2018-10536
29 Apr 2018 — An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks. Se ha descubierto un problema en WavPack 5.1.0 y anteriores. El componente de analizador WAV contiene una vulnerabilidad que permite la escritura en la memoria debido a que ParseRiffHeaderConfig en riff.c no rechaza múltiples fragmentos de formato. Thuan Pham, Marcel Bohme, Andrew Santosa and Alex... • http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0CVE-2018-10537 – Slackware Security Advisory - wavpack Updates
https://notcve.org/view.php?id=CVE-2018-10537
29 Apr 2018 — An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks. Se ha descubierto un problema en WavPack 5.1.0 y anteriores. El componente de analizador W64 contiene una vulnerabilidad que permite la escritura en la memoria debido a que ParseWave64HeaderConfig en wave64.c no rechaza múltiples fragmentos de formato. Thuan Pham, Marcel Bohme, Andrew Santosa ... • http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-10538 – Slackware Security Advisory - wavpack Updates
https://notcve.org/view.php?id=CVE-2018-10538
29 Apr 2018 — An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation. Se ha descubierto un problema en WavPack 5.1.0 y anteriores para las entradas WAV. Pueden ocurrir escrituras fuera de límites debido a ... • http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-10539 – Slackware Security Advisory - wavpack Updates
https://notcve.org/view.php?id=CVE-2018-10539
29 Apr 2018 — An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation. Se ha descubierto un problema en WavPack 5.1.0 y anteriores para las entradas DSDiff. Pueden ocurrir escrituras fuera de límites... • http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html • CWE-787: Out-of-bounds Write •