The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00029.html
http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html
https://github.com/dbry/WavPack/commit/070ef6f138956d9ea9612e69586152339dbefe51
https://github.com/dbry/WavPack/issues/53
https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html
https://seclists.org/bugtraq/2019/Dec/37
Source: MITRE
Published: 2018-12-04
Updated: 2021-01-15
Type: CWE-835
CVSS v2
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3.0
Base Score: 5.5
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 1.8
Severity: MEDIUM
OR
cpe:2.3:a:wavpack:wavpack:*:*:*:*:*:*:*:* versions up to 5.1.0 (inclusive)
OR
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
OR
cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
145884 | CentOS 8 : wavpack (CESA-2020:1581) | Nessus | CentOS Local Security Checks | medium |
145376 | openSUSE Security Update : wavpack (openSUSE-2021-154) | Nessus | SuSE Local Security Checks | medium |
145305 | openSUSE Security Update : wavpack (openSUSE-2021-153) | Nessus | SuSE Local Security Checks | medium |
145253 | SUSE SLED15 / SLES15 Security Update : wavpack (SUSE-SU-2021:0186-1) | Nessus | SuSE Local Security Checks | medium |
145167 | Debian DLA-2525-1 : wavpack security update | Nessus | Debian Local Security Checks | medium |
143789 | SUSE SLES12 Security Update : wavpack (SUSE-SU-2020:2727-1) | Nessus | SuSE Local Security Checks | medium |
143040 | RHEL 8 : wavpack (RHSA-2020:1581) | Nessus | Red Hat Local Security Checks | medium |
138942 | GLSA-202007-19 : WavPack: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
132878 | Fedora 31 : mingw-wavpack (2020-e55567b6be) | Nessus | Fedora Local Security Checks | medium |
132877 | Fedora 30 : mingw-wavpack (2020-73274c9df4) | Nessus | Fedora Local Security Checks | medium |
132333 | Slackware 14.0 / 14.1 / 14.2 / current : wavpack (SSA:2019-353-01) | Nessus | Slackware Local Security Checks | medium |
132215 | EulerOS 2.0 SP3 : wavpack (EulerOS-SA-2019-2680) | Nessus | Huawei Local Security Checks | medium |
128824 | EulerOS 2.0 SP5 : wavpack (EulerOS-SA-2019-1901) | Nessus | Huawei Local Security Checks | medium |
128797 | EulerOS 2.0 SP2 : wavpack (EulerOS-SA-2019-1874) | Nessus | Huawei Local Security Checks | medium |
128200 | EulerOS 2.0 SP8 : wavpack (EulerOS-SA-2019-1831) | Nessus | Huawei Local Security Checks | medium |
124472 | Fedora 30 : wavpack (2019-1315f2dc3a) | Nessus | Fedora Local Security Checks | medium |
124244 | Fedora 28 : wavpack (2019-235c682f35) | Nessus | Fedora Local Security Checks | medium |
124066 | Fedora 29 : wavpack (2019-88f264563f) | Nessus | Fedora Local Security Checks | medium |
123775 | openSUSE Security Update : wavpack (openSUSE-2019-1145) | Nessus | SuSE Local Security Checks | medium |
123453 | SUSE SLES11 Security Update : wavpack (SUSE-SU-2019:13990-1) | Nessus | SuSE Local Security Checks | medium |
123448 | SUSE SLED15 / SLES15 Security Update : wavpack (SUSE-SU-2019:0772-1) | Nessus | SuSE Local Security Checks | medium |