Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
17 vulnerabilities by WavPack
CVE-2022-2476 (GCVE-0-2022-2476)
Vulnerability from cvelistv5 – Published: 2022-07-19 00:00 – Updated: 2024-08-03 00:39
VLAI?
Summary
A null pointer dereference bug was found in wavpack-5.4.0 The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ===================================================================84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x561b47a970c6 bp 0x7fff13952fb0 sp 0x7fff1394fca0 T0) ==84257==The signal is caused by a WRITE memory access. ==84257==Hint: address points to the zero page. #0 0x561b47a970c5 in main cli/wvunpack.c:834 #1 0x7efc4f5c0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) #2 0x561b47a945ed in _start (/usr/local/bin/wvunpack+0xa5ed) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV cli/wvunpack.c:834 in main ==84257==ABORTING
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/issues/121"
},
{
"name": "FEDORA-2022-ca2f721916",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CK45CC7MQ54SHEIJ63PW3HP4BCPTX6QP/"
},
{
"name": "FEDORA-2022-c9c086b06f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMIXZWB3OURGBAEU3T5HQY56BN2ZVLYF/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wavpack",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference bug was found in wavpack-5.4.0 The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ===================================================================84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x561b47a970c6 bp 0x7fff13952fb0 sp 0x7fff1394fca0 T0) ==84257==The signal is caused by a WRITE memory access. ==84257==Hint: address points to the zero page. #0 0x561b47a970c5 in main cli/wvunpack.c:834 #1 0x7efc4f5c0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) #2 0x561b47a945ed in _start (/usr/local/bin/wvunpack+0xa5ed) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV cli/wvunpack.c:834 in main ==84257==ABORTING"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-24T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://github.com/dbry/WavPack/issues/121"
},
{
"name": "FEDORA-2022-ca2f721916",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CK45CC7MQ54SHEIJ63PW3HP4BCPTX6QP/"
},
{
"name": "FEDORA-2022-c9c086b06f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMIXZWB3OURGBAEU3T5HQY56BN2ZVLYF/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-2476",
"datePublished": "2022-07-19T00:00:00.000Z",
"dateReserved": "2022-07-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:39:07.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44269 (GCVE-0-2021-44269)
Vulnerability from cvelistv5 – Published: 2022-03-10 16:13 – Updated: 2024-08-04 04:17
VLAI?
Summary
An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV files. This issue triggered in function WavpackPackSamples of file src/pack_utils.c, tainted variable cnt is too large, that makes pointer sptr read beyond heap bound.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:17:24.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/issues/110"
},
{
"name": "FEDORA-2022-0fc7b22bcd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRZWZKEEABCLVXZEXQZBIT3ZKLIXVFF5/"
},
{
"name": "FEDORA-2022-737f020ede",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2CZUFTX3J4Y4OSRITG4PXCI7NRVFDYVQ/"
},
{
"name": "FEDORA-2022-7df99d9f80",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQKOOJRI2VAPYS3652HVDXON723HTXBP/"
},
{
"name": "FEDORA-2022-cece705cbf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5B7L26LA6KGX7YH6SWD5CSBNWKV5MBO/"
},
{
"name": "FEDORA-2022-8e94ec2244",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I54NXQZELBF42OL4KQZJJRAYZX7IPZXP/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV files. This issue triggered in function WavpackPackSamples of file src/pack_utils.c, tainted variable cnt is too large, that makes pointer sptr read beyond heap bound."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-05T18:06:15.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/issues/110"
},
{
"name": "FEDORA-2022-0fc7b22bcd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRZWZKEEABCLVXZEXQZBIT3ZKLIXVFF5/"
},
{
"name": "FEDORA-2022-737f020ede",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2CZUFTX3J4Y4OSRITG4PXCI7NRVFDYVQ/"
},
{
"name": "FEDORA-2022-7df99d9f80",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQKOOJRI2VAPYS3652HVDXON723HTXBP/"
},
{
"name": "FEDORA-2022-cece705cbf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5B7L26LA6KGX7YH6SWD5CSBNWKV5MBO/"
},
{
"name": "FEDORA-2022-8e94ec2244",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I54NXQZELBF42OL4KQZJJRAYZX7IPZXP/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-44269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV files. This issue triggered in function WavpackPackSamples of file src/pack_utils.c, tainted variable cnt is too large, that makes pointer sptr read beyond heap bound."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dbry/WavPack/issues/110",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/issues/110"
},
{
"name": "FEDORA-2022-0fc7b22bcd",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CRZWZKEEABCLVXZEXQZBIT3ZKLIXVFF5/"
},
{
"name": "FEDORA-2022-737f020ede",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2CZUFTX3J4Y4OSRITG4PXCI7NRVFDYVQ/"
},
{
"name": "FEDORA-2022-7df99d9f80",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQKOOJRI2VAPYS3652HVDXON723HTXBP/"
},
{
"name": "FEDORA-2022-cece705cbf",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5B7L26LA6KGX7YH6SWD5CSBNWKV5MBO/"
},
{
"name": "FEDORA-2022-8e94ec2244",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I54NXQZELBF42OL4KQZJJRAYZX7IPZXP/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-44269",
"datePublished": "2022-03-10T16:13:27.000Z",
"dateReserved": "2021-11-29T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:17:24.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35738 (GCVE-0-2020-35738)
Vulnerability from cvelistv5 – Published: 2020-12-28 03:54 – Updated: 2024-08-04 17:09
VLAI?
Summary
WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" releases through 5.3.2, which are also affected.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:15.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/issues/91"
},
{
"name": "[debian-lts-announce] 20210115 [SECURITY] [DLA 2525-1] wavpack security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html"
},
{
"name": "FEDORA-2021-5c83efb61c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2YZLKYE66EU4XRHTABV5LB2G7ZDZ422F/"
},
{
"name": "FEDORA-2021-de45e7bb88",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PENN4ZXRPZULEJOYTTLUZMBZ5H46QTUC/"
},
{
"name": "FEDORA-2021-2e2fc2eac6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/76B7K6F74FDQATG7FECXR5KPIG52O2VL/"
},
{
"name": "FEDORA-2021-b7826fcedf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VDFY4NGGDUTLVID5PNVU7LL2G2ZJLZFY/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later \"unofficial\" releases through 5.3.2, which are also affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-24T22:06:18.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/issues/91"
},
{
"name": "[debian-lts-announce] 20210115 [SECURITY] [DLA 2525-1] wavpack security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html"
},
{
"name": "FEDORA-2021-5c83efb61c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2YZLKYE66EU4XRHTABV5LB2G7ZDZ422F/"
},
{
"name": "FEDORA-2021-de45e7bb88",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PENN4ZXRPZULEJOYTTLUZMBZ5H46QTUC/"
},
{
"name": "FEDORA-2021-2e2fc2eac6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/76B7K6F74FDQATG7FECXR5KPIG52O2VL/"
},
{
"name": "FEDORA-2021-b7826fcedf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VDFY4NGGDUTLVID5PNVU7LL2G2ZJLZFY/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later \"unofficial\" releases through 5.3.2, which are also affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dbry/WavPack/issues/91",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/issues/91"
},
{
"name": "[debian-lts-announce] 20210115 [SECURITY] [DLA 2525-1] wavpack security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html"
},
{
"name": "FEDORA-2021-5c83efb61c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2YZLKYE66EU4XRHTABV5LB2G7ZDZ422F/"
},
{
"name": "FEDORA-2021-de45e7bb88",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PENN4ZXRPZULEJOYTTLUZMBZ5H46QTUC/"
},
{
"name": "FEDORA-2021-2e2fc2eac6",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/76B7K6F74FDQATG7FECXR5KPIG52O2VL/"
},
{
"name": "FEDORA-2021-b7826fcedf",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDFY4NGGDUTLVID5PNVU7LL2G2ZJLZFY/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35738",
"datePublished": "2020-12-28T03:54:10.000Z",
"dateReserved": "2020-12-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:09:15.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1010315 (GCVE-0-2019-1010315)
Vulnerability from cvelistv5 – Published: 2019-07-11 19:34 – Updated: 2024-08-05 03:07
VLAI?
Summary
WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig (dsdiff.c:282). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc.
Severity ?
No CVSS data available.
CWE
- CWE 369: Divide by Zero
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:07:18.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/issues/65"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc"
},
{
"name": "USN-4062-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4062-1/"
},
{
"name": "FEDORA-2020-e55567b6be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
},
{
"name": "[debian-lts-announce] 20210115 [SECURITY] [DLA 2525-1] wavpack security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WavPack",
"vendor": "WavPack",
"versions": [
{
"status": "affected",
"version": "\u003c=5.1 [fixed: After commit https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig (dsdiff.c:282). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE 369: Divide by Zero",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-15T12:06:15.000Z",
"orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
"shortName": "dwf"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/issues/65"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc"
},
{
"name": "USN-4062-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4062-1/"
},
{
"name": "FEDORA-2020-e55567b6be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
},
{
"name": "[debian-lts-announce] 20210115 [SECURITY] [DLA 2525-1] wavpack security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WavPack",
"version": {
"version_data": [
{
"version_value": "\u003c=5.1 [fixed: After commit https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc]"
}
]
}
}
]
},
"vendor_name": "WavPack"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig (dsdiff.c:282). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE 369: Divide by Zero"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dbry/WavPack/issues/65",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/issues/65"
},
{
"name": "https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc"
},
{
"name": "USN-4062-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4062-1/"
},
{
"name": "FEDORA-2020-e55567b6be",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
},
{
"name": "[debian-lts-announce] 20210115 [SECURITY] [DLA 2525-1] wavpack security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
"assignerShortName": "dwf",
"cveId": "CVE-2019-1010315",
"datePublished": "2019-07-11T19:34:35.000Z",
"dateReserved": "2019-03-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:07:18.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1010317 (GCVE-0-2019-1010317)
Vulnerability from cvelistv5 – Published: 2019-07-11 19:24 – Updated: 2024-08-05 03:07
VLAI?
Summary
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b.
Severity ?
No CVSS data available.
CWE
- CWE-457 - Use of Uninitialized Variable
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:07:18.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/issues/66"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b"
},
{
"name": "USN-4062-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4062-1/"
},
{
"name": "FEDORA-2019-c72f5f6361",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYESOAZ6Z6IG4BQBURL6OUY6P4YB6SKS/"
},
{
"name": "FEDORA-2019-8eeb8f9d3f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IX3J2JML5A7KC2BLGBEFTIIZR3EM7LVJ/"
},
{
"name": "FEDORA-2020-e55567b6be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
},
{
"name": "[debian-lts-announce] 20210115 [SECURITY] [DLA 2525-1] wavpack security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WavPack",
"vendor": "WavPack",
"versions": [
{
"status": "affected",
"version": "5.1.0 and earlier [fixed: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457: Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-15T12:06:12.000Z",
"orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
"shortName": "dwf"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/issues/66"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b"
},
{
"name": "USN-4062-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4062-1/"
},
{
"name": "FEDORA-2019-c72f5f6361",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYESOAZ6Z6IG4BQBURL6OUY6P4YB6SKS/"
},
{
"name": "FEDORA-2019-8eeb8f9d3f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IX3J2JML5A7KC2BLGBEFTIIZR3EM7LVJ/"
},
{
"name": "FEDORA-2020-e55567b6be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
},
{
"name": "[debian-lts-announce] 20210115 [SECURITY] [DLA 2525-1] wavpack security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WavPack",
"version": {
"version_data": [
{
"version_value": "5.1.0 and earlier [fixed: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b]"
}
]
}
}
]
},
"vendor_name": "WavPack"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-457: Use of Uninitialized Variable"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dbry/WavPack/issues/66",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/issues/66"
},
{
"name": "https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b"
},
{
"name": "USN-4062-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4062-1/"
},
{
"name": "FEDORA-2019-c72f5f6361",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYESOAZ6Z6IG4BQBURL6OUY6P4YB6SKS/"
},
{
"name": "FEDORA-2019-8eeb8f9d3f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IX3J2JML5A7KC2BLGBEFTIIZR3EM7LVJ/"
},
{
"name": "FEDORA-2020-e55567b6be",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
},
{
"name": "[debian-lts-announce] 20210115 [SECURITY] [DLA 2525-1] wavpack security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
"assignerShortName": "dwf",
"cveId": "CVE-2019-1010317",
"datePublished": "2019-07-11T19:24:40.000Z",
"dateReserved": "2019-03-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:07:18.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1010319 (GCVE-0-2019-1010319)
Vulnerability from cvelistv5 – Published: 2019-07-11 19:23 – Updated: 2024-08-05 03:14
VLAI?
Summary
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.
Severity ?
No CVSS data available.
CWE
- CWE-457 - Use of Uninitialized Variable
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:14:15.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/issues/68"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe"
},
{
"name": "USN-4062-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4062-1/"
},
{
"name": "FEDORA-2019-c72f5f6361",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYESOAZ6Z6IG4BQBURL6OUY6P4YB6SKS/"
},
{
"name": "FEDORA-2019-8eeb8f9d3f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IX3J2JML5A7KC2BLGBEFTIIZR3EM7LVJ/"
},
{
"name": "FEDORA-2020-e55567b6be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
},
{
"name": "[debian-lts-announce] 20210115 [SECURITY] [DLA 2525-1] wavpack security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WavPack",
"vendor": "WavPack",
"versions": [
{
"status": "affected",
"version": "\u003c=5.1.0 [fixed: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457: Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-15T12:06:14.000Z",
"orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
"shortName": "dwf"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/issues/68"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe"
},
{
"name": "USN-4062-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4062-1/"
},
{
"name": "FEDORA-2019-c72f5f6361",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYESOAZ6Z6IG4BQBURL6OUY6P4YB6SKS/"
},
{
"name": "FEDORA-2019-8eeb8f9d3f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IX3J2JML5A7KC2BLGBEFTIIZR3EM7LVJ/"
},
{
"name": "FEDORA-2020-e55567b6be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
},
{
"name": "[debian-lts-announce] 20210115 [SECURITY] [DLA 2525-1] wavpack security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WavPack",
"version": {
"version_data": [
{
"version_value": "\u003c=5.1.0 [fixed: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe]"
}
]
}
}
]
},
"vendor_name": "WavPack"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-457: Use of Uninitialized Variable"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dbry/WavPack/issues/68",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/issues/68"
},
{
"name": "https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe"
},
{
"name": "USN-4062-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4062-1/"
},
{
"name": "FEDORA-2019-c72f5f6361",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYESOAZ6Z6IG4BQBURL6OUY6P4YB6SKS/"
},
{
"name": "FEDORA-2019-8eeb8f9d3f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IX3J2JML5A7KC2BLGBEFTIIZR3EM7LVJ/"
},
{
"name": "FEDORA-2020-e55567b6be",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
},
{
"name": "[debian-lts-announce] 20210115 [SECURITY] [DLA 2525-1] wavpack security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
"assignerShortName": "dwf",
"cveId": "CVE-2019-1010319",
"datePublished": "2019-07-11T19:23:29.000Z",
"dateReserved": "2019-03-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:14:15.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11498 (GCVE-0-2019-11498)
Vulnerability from cvelistv5 – Published: 2019-04-24 04:03 – Updated: 2024-08-04 22:55
VLAI?
Summary
WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/issues/67"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4"
},
{
"name": "USN-3960-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3960-1/"
},
{
"name": "FEDORA-2019-52145aa7ca",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZDKXGA2ZNSSM64ZYDHOWCO4Q4VAKAON/"
},
{
"name": "FEDORA-2019-b8a704ff4b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SCK2YJXY6V5CKGKSF2PPN7RL2DXVOC6G/"
},
{
"name": "FEDORA-2020-e55567b6be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
},
{
"name": "GLSA-202007-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-19"
},
{
"name": "[debian-lts-announce] 20210115 [SECURITY] [DLA 2525-1] wavpack security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a \"Conditional jump or move depends on uninitialised value\" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-15T12:06:11.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/issues/67"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4"
},
{
"name": "USN-3960-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3960-1/"
},
{
"name": "FEDORA-2019-52145aa7ca",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZDKXGA2ZNSSM64ZYDHOWCO4Q4VAKAON/"
},
{
"name": "FEDORA-2019-b8a704ff4b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SCK2YJXY6V5CKGKSF2PPN7RL2DXVOC6G/"
},
{
"name": "FEDORA-2020-e55567b6be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
},
{
"name": "GLSA-202007-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-19"
},
{
"name": "[debian-lts-announce] 20210115 [SECURITY] [DLA 2525-1] wavpack security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a \"Conditional jump or move depends on uninitialised value\" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dbry/WavPack/issues/67",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/issues/67"
},
{
"name": "https://github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4"
},
{
"name": "USN-3960-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3960-1/"
},
{
"name": "FEDORA-2019-52145aa7ca",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZDKXGA2ZNSSM64ZYDHOWCO4Q4VAKAON/"
},
{
"name": "FEDORA-2019-b8a704ff4b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SCK2YJXY6V5CKGKSF2PPN7RL2DXVOC6G/"
},
{
"name": "FEDORA-2020-e55567b6be",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
},
{
"name": "GLSA-202007-19",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-19"
},
{
"name": "[debian-lts-announce] 20210115 [SECURITY] [DLA 2525-1] wavpack security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11498",
"datePublished": "2019-04-24T04:03:05.000Z",
"dateReserved": "2019-04-24T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:55:40.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19840 (GCVE-0-2018-19840)
Vulnerability from cvelistv5 – Published: 2018-12-04 09:00 – Updated: 2024-08-05 11:44
VLAI?
Summary
The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
Date Public ?
2018-12-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:44:20.603Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/issues/53"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/commit/070ef6f138956d9ea9612e69586152339dbefe51"
},
{
"name": "USN-3839-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3839-1/"
},
{
"name": "openSUSE-SU-2019:1145",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00029.html"
},
{
"name": "FEDORA-2019-1315f2dc3a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZGXJUHCGQI6XKLCBUZHXPYIIWMFWA22/"
},
{
"name": "FEDORA-2019-88f264563f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BLSOEVEKF4VNNVNZ2AN46BJUT4TGVWT/"
},
{
"name": "FEDORA-2019-235c682f35",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVVKOBJR5APOB3KWUWJ4UWQHUBZQL6C6/"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"name": "FEDORA-2020-e55567b6be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
},
{
"name": "GLSA-202007-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-19"
},
{
"name": "[debian-lts-announce] 20210115 [SECURITY] [DLA 2525-1] wavpack security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-15T12:06:12.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/issues/53"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/commit/070ef6f138956d9ea9612e69586152339dbefe51"
},
{
"name": "USN-3839-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3839-1/"
},
{
"name": "openSUSE-SU-2019:1145",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00029.html"
},
{
"name": "FEDORA-2019-1315f2dc3a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZGXJUHCGQI6XKLCBUZHXPYIIWMFWA22/"
},
{
"name": "FEDORA-2019-88f264563f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BLSOEVEKF4VNNVNZ2AN46BJUT4TGVWT/"
},
{
"name": "FEDORA-2019-235c682f35",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVVKOBJR5APOB3KWUWJ4UWQHUBZQL6C6/"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"name": "FEDORA-2020-e55567b6be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
},
{
"name": "GLSA-202007-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-19"
},
{
"name": "[debian-lts-announce] 20210115 [SECURITY] [DLA 2525-1] wavpack security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dbry/WavPack/issues/53",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/issues/53"
},
{
"name": "https://github.com/dbry/WavPack/commit/070ef6f138956d9ea9612e69586152339dbefe51",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/commit/070ef6f138956d9ea9612e69586152339dbefe51"
},
{
"name": "USN-3839-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3839-1/"
},
{
"name": "openSUSE-SU-2019:1145",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00029.html"
},
{
"name": "FEDORA-2019-1315f2dc3a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZGXJUHCGQI6XKLCBUZHXPYIIWMFWA22/"
},
{
"name": "FEDORA-2019-88f264563f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BLSOEVEKF4VNNVNZ2AN46BJUT4TGVWT/"
},
{
"name": "FEDORA-2019-235c682f35",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WVVKOBJR5APOB3KWUWJ4UWQHUBZQL6C6/"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"name": "FEDORA-2020-e55567b6be",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
},
{
"name": "GLSA-202007-19",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-19"
},
{
"name": "[debian-lts-announce] 20210115 [SECURITY] [DLA 2525-1] wavpack security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19840",
"datePublished": "2018-12-04T09:00:00.000Z",
"dateReserved": "2018-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:44:20.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19841 (GCVE-0-2018-19841)
Vulnerability from cvelistv5 – Published: 2018-12-04 09:00 – Updated: 2024-08-05 11:44
VLAI?
Summary
The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
Date Public ?
2018-12-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:44:20.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/issues/54"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/commit/bba5389dc598a92bdf2b297c3ea34620b6679b5b"
},
{
"name": "USN-3839-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3839-1/"
},
{
"name": "openSUSE-SU-2019:1145",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00029.html"
},
{
"name": "FEDORA-2019-1315f2dc3a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZGXJUHCGQI6XKLCBUZHXPYIIWMFWA22/"
},
{
"name": "FEDORA-2019-88f264563f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BLSOEVEKF4VNNVNZ2AN46BJUT4TGVWT/"
},
{
"name": "FEDORA-2019-235c682f35",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVVKOBJR5APOB3KWUWJ4UWQHUBZQL6C6/"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"name": "FEDORA-2020-e55567b6be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
},
{
"name": "GLSA-202007-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-19"
},
{
"name": "[debian-lts-announce] 20210115 [SECURITY] [DLA 2525-1] wavpack security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-15T12:06:15.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/issues/54"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/commit/bba5389dc598a92bdf2b297c3ea34620b6679b5b"
},
{
"name": "USN-3839-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3839-1/"
},
{
"name": "openSUSE-SU-2019:1145",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00029.html"
},
{
"name": "FEDORA-2019-1315f2dc3a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZGXJUHCGQI6XKLCBUZHXPYIIWMFWA22/"
},
{
"name": "FEDORA-2019-88f264563f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BLSOEVEKF4VNNVNZ2AN46BJUT4TGVWT/"
},
{
"name": "FEDORA-2019-235c682f35",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVVKOBJR5APOB3KWUWJ4UWQHUBZQL6C6/"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"name": "FEDORA-2020-e55567b6be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
},
{
"name": "GLSA-202007-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-19"
},
{
"name": "[debian-lts-announce] 20210115 [SECURITY] [DLA 2525-1] wavpack security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dbry/WavPack/issues/54",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/issues/54"
},
{
"name": "https://github.com/dbry/WavPack/commit/bba5389dc598a92bdf2b297c3ea34620b6679b5b",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/commit/bba5389dc598a92bdf2b297c3ea34620b6679b5b"
},
{
"name": "USN-3839-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3839-1/"
},
{
"name": "openSUSE-SU-2019:1145",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00029.html"
},
{
"name": "FEDORA-2019-1315f2dc3a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZGXJUHCGQI6XKLCBUZHXPYIIWMFWA22/"
},
{
"name": "FEDORA-2019-88f264563f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BLSOEVEKF4VNNVNZ2AN46BJUT4TGVWT/"
},
{
"name": "FEDORA-2019-235c682f35",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WVVKOBJR5APOB3KWUWJ4UWQHUBZQL6C6/"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"name": "FEDORA-2020-e55567b6be",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
},
{
"name": "GLSA-202007-19",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-19"
},
{
"name": "[debian-lts-announce] 20210115 [SECURITY] [DLA 2525-1] wavpack security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19841",
"datePublished": "2018-12-04T09:00:00.000Z",
"dateReserved": "2018-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:44:20.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10539 (GCVE-0-2018-10539)
Vulnerability from cvelistv5 – Published: 2018-04-29 15:00 – Updated: 2024-08-05 07:39
VLAI?
Summary
An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Date Public ?
2018-04-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:07.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/issues/33"
},
{
"name": "DSA-4197",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4197"
},
{
"name": "USN-3637-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3637-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"name": "FEDORA-2020-e55567b6be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-15T01:06:12.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/issues/33"
},
{
"name": "DSA-4197",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4197"
},
{
"name": "USN-3637-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3637-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"name": "FEDORA-2020-e55567b6be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10539",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dbry/WavPack/issues/33",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/issues/33"
},
{
"name": "DSA-4197",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4197"
},
{
"name": "USN-3637-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3637-1/"
},
{
"name": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"name": "FEDORA-2020-e55567b6be",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10539",
"datePublished": "2018-04-29T15:00:00.000Z",
"dateReserved": "2018-04-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:39:07.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10536 (GCVE-0-2018-10536)
Vulnerability from cvelistv5 – Published: 2018-04-29 15:00 – Updated: 2024-08-05 07:39
VLAI?
Summary
An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Date Public ?
2018-04-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:08.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/issues/32"
},
{
"name": "DSA-4197",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4197"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/issues/31"
},
{
"name": "USN-3637-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3637-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/issues/30"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"name": "FEDORA-2020-e55567b6be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-15T01:06:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/issues/32"
},
{
"name": "DSA-4197",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4197"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/issues/31"
},
{
"name": "USN-3637-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3637-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/issues/30"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"name": "FEDORA-2020-e55567b6be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dbry/WavPack/issues/32",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/issues/32"
},
{
"name": "DSA-4197",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4197"
},
{
"name": "https://github.com/dbry/WavPack/issues/31",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/issues/31"
},
{
"name": "USN-3637-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3637-1/"
},
{
"name": "https://github.com/dbry/WavPack/issues/30",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/issues/30"
},
{
"name": "https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"name": "FEDORA-2020-e55567b6be",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10536",
"datePublished": "2018-04-29T15:00:00.000Z",
"dateReserved": "2018-04-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:39:08.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10538 (GCVE-0-2018-10538)
Vulnerability from cvelistv5 – Published: 2018-04-29 15:00 – Updated: 2024-08-05 07:39
VLAI?
Summary
An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Date Public ?
2018-04-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:08.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/issues/33"
},
{
"name": "DSA-4197",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4197"
},
{
"name": "USN-3637-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3637-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"name": "FEDORA-2020-e55567b6be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-15T01:06:08.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/issues/33"
},
{
"name": "DSA-4197",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4197"
},
{
"name": "USN-3637-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3637-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"name": "FEDORA-2020-e55567b6be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dbry/WavPack/issues/33",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/issues/33"
},
{
"name": "DSA-4197",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4197"
},
{
"name": "USN-3637-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3637-1/"
},
{
"name": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"name": "FEDORA-2020-e55567b6be",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10538",
"datePublished": "2018-04-29T15:00:00.000Z",
"dateReserved": "2018-04-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:39:08.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10537 (GCVE-0-2018-10537)
Vulnerability from cvelistv5 – Published: 2018-04-29 15:00 – Updated: 2024-08-05 07:39
VLAI?
Summary
An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Date Public ?
2018-04-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:08.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/issues/32"
},
{
"name": "DSA-4197",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4197"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/issues/31"
},
{
"name": "USN-3637-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3637-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/issues/30"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"name": "FEDORA-2020-e55567b6be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-15T01:06:10.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/issues/32"
},
{
"name": "DSA-4197",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4197"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/issues/31"
},
{
"name": "USN-3637-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3637-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/issues/30"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"name": "FEDORA-2020-e55567b6be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dbry/WavPack/issues/32",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/issues/32"
},
{
"name": "DSA-4197",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4197"
},
{
"name": "https://github.com/dbry/WavPack/issues/31",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/issues/31"
},
{
"name": "USN-3637-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3637-1/"
},
{
"name": "https://github.com/dbry/WavPack/issues/30",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/issues/30"
},
{
"name": "https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"name": "FEDORA-2020-e55567b6be",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10537",
"datePublished": "2018-04-29T15:00:00.000Z",
"dateReserved": "2018-04-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:39:08.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10540 (GCVE-0-2018-10540)
Vulnerability from cvelistv5 – Published: 2018-04-29 15:00 – Updated: 2024-08-05 07:39
VLAI?
Summary
An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Date Public ?
2018-04-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:07.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/issues/33"
},
{
"name": "DSA-4197",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4197"
},
{
"name": "USN-3637-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3637-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"name": "FEDORA-2020-e55567b6be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-15T01:06:07.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/issues/33"
},
{
"name": "DSA-4197",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4197"
},
{
"name": "USN-3637-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3637-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"name": "FEDORA-2020-e55567b6be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dbry/WavPack/issues/33",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/issues/33"
},
{
"name": "DSA-4197",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4197"
},
{
"name": "USN-3637-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3637-1/"
},
{
"name": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"name": "FEDORA-2020-e55567b6be",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10540",
"datePublished": "2018-04-29T15:00:00.000Z",
"dateReserved": "2018-04-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:39:07.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7254 (GCVE-0-2018-7254)
Vulnerability from cvelistv5 – Published: 2018-02-19 23:00 – Updated: 2024-08-05 06:24
VLAI?
Summary
The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Date Public ?
2018-02-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:11.759Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/commit/8e3fe45a7bac31d9a3b558ae0079e2d92a04799e"
},
{
"name": "USN-3578-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3578-1/"
},
{
"name": "DSA-4125",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4125"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/issues/26"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889274"
},
{
"name": "44154",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44154/"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-21T08:06:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/commit/8e3fe45a7bac31d9a3b558ae0079e2d92a04799e"
},
{
"name": "USN-3578-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3578-1/"
},
{
"name": "DSA-4125",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4125"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/issues/26"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889274"
},
{
"name": "44154",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44154/"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dbry/WavPack/commit/8e3fe45a7bac31d9a3b558ae0079e2d92a04799e",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/commit/8e3fe45a7bac31d9a3b558ae0079e2d92a04799e"
},
{
"name": "USN-3578-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3578-1/"
},
{
"name": "DSA-4125",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4125"
},
{
"name": "https://github.com/dbry/WavPack/issues/26",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/issues/26"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889274",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889274"
},
{
"name": "44154",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44154/"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7254",
"datePublished": "2018-02-19T23:00:00.000Z",
"dateReserved": "2018-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:24:11.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7253 (GCVE-0-2018-7253)
Vulnerability from cvelistv5 – Published: 2018-02-19 23:00 – Updated: 2024-08-05 06:24
VLAI?
Summary
The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Date Public ?
2018-02-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:11.291Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3578-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3578-1/"
},
{
"name": "DSA-4125",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4125"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/issues/28"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889559"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-21T08:06:07.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3578-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3578-1/"
},
{
"name": "DSA-4125",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4125"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/issues/28"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889559"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3578-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3578-1/"
},
{
"name": "DSA-4125",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4125"
},
{
"name": "https://github.com/dbry/WavPack/issues/28",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/issues/28"
},
{
"name": "https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889559",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889559"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7253",
"datePublished": "2018-02-19T23:00:00.000Z",
"dateReserved": "2018-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:24:11.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6767 (GCVE-0-2018-6767)
Vulnerability from cvelistv5 – Published: 2018-02-06 22:00 – Updated: 2024-08-05 06:10
VLAI?
Summary
A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Date Public ?
2018-02-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:11.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4125",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4125"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/issues/27"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889276"
},
{
"name": "USN-3568-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3568-1/"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-21T08:06:08.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4125",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4125"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dbry/WavPack/issues/27"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889276"
},
{
"name": "USN-3568-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3568-1/"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6767",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4125",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4125"
},
{
"name": "https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5",
"refsource": "CONFIRM",
"url": "https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5"
},
{
"name": "https://github.com/dbry/WavPack/issues/27",
"refsource": "CONFIRM",
"url": "https://github.com/dbry/WavPack/issues/27"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889276",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889276"
},
{
"name": "USN-3568-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3568-1/"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6767",
"datePublished": "2018-02-06T22:00:00.000Z",
"dateReserved": "2018-02-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:10:11.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}