WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
07 Oct 2022, 13:44
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* |
|
| References | (GENTOO) https://security.gentoo.org/glsa/202007-19 - Third Party Advisory | |
| References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZDKXGA2ZNSSM64ZYDHOWCO4Q4VAKAON/ - Mailing List, Third Party Advisory | |
| References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SCK2YJXY6V5CKGKSF2PPN7RL2DXVOC6G/ - Mailing List, Third Party Advisory | |
| References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/ - Mailing List, Third Party Advisory | |
| References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/ - Mailing List, Third Party Advisory | |
| References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html - Mailing List, Third Party Advisory |
Information
Published : 2019-04-24 05:29
Updated : 2024-02-04 20:20
NVD link : CVE-2019-11498
Mitre link : CVE-2019-11498
CVE.ORG link : CVE-2019-11498
JSON object : View
Products Affected
canonical
- ubuntu_linux
wavpack
- wavpack
debian
- debian_linux
fedoraproject
- fedora
CWE
CWE-824
Access of Uninitialized Pointer