WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
21 Nov 2024, 04:18
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe - Patch, Third Party Advisory | |
References | () https://github.com/dbry/WavPack/issues/68 - Exploit, Issue Tracking, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IX3J2JML5A7KC2BLGBEFTIIZR3EM7LVJ/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYESOAZ6Z6IG4BQBURL6OUY6P4YB6SKS/ - | |
References | () https://usn.ubuntu.com/4062-1/ - Third Party Advisory |
Information
Published : 2019-07-11 20:15
Updated : 2024-11-21 04:18
NVD link : CVE-2019-1010319
Mitre link : CVE-2019-1010319
CVE.ORG link : CVE-2019-1010319
JSON object : View
Products Affected
wavpack
- wavpack
canonical
- ubuntu_linux
fedoraproject
- fedora
debian
- debian_linux