WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.
https://github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4
https://github.com/dbry/WavPack/issues/67
https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html
Source: MITRE
Published: 2019-04-24
Updated: 2021-01-15
Type: CWE-824
CVSS v2 Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3.0 Base Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 2.8
Severity: MEDIUM
OR
cpe:2.3:a:wavpack:wavpack:*:*:*:*:*:*:*:* versions up to 5.1.0 (inclusive)
OR
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
145884 | CentOS 8 : wavpack (CESA-2020:1581) | Nessus | CentOS Local Security Checks | medium |
145376 | openSUSE Security Update : wavpack (openSUSE-2021-154) | Nessus | SuSE Local Security Checks | medium |
145305 | openSUSE Security Update : wavpack (openSUSE-2021-153) | Nessus | SuSE Local Security Checks | medium |
145253 | SUSE SLED15 / SLES15 Security Update : wavpack (SUSE-SU-2021:0186-1) | Nessus | SuSE Local Security Checks | medium |
145167 | Debian DLA-2525-1 : wavpack security update | Nessus | Debian Local Security Checks | medium |
143040 | RHEL 8 : wavpack (RHSA-2020:1581) | Nessus | Red Hat Local Security Checks | medium |
138942 | GLSA-202007-19 : WavPack: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
132878 | Fedora 31 : mingw-wavpack (2020-e55567b6be) | Nessus | Fedora Local Security Checks | medium |
132877 | Fedora 30 : mingw-wavpack (2020-73274c9df4) | Nessus | Fedora Local Security Checks | medium |
130831 | EulerOS 2.0 SP8 : wavpack (EulerOS-SA-2019-2122) | Nessus | Huawei Local Security Checks | medium |
128537 | openSUSE Security Update : wavpack (openSUSE-2019-2067) | Nessus | SuSE Local Security Checks | medium |
128073 | SUSE SLED15 / SLES15 Security Update : wavpack (SUSE-SU-2019:2191-1) | Nessus | SuSE Local Security Checks | medium |
125686 | Fedora 29 : wavpack (2019-b8a704ff4b) | Nessus | Fedora Local Security Checks | medium |
125319 | Fedora 30 : wavpack (2019-52145aa7ca) | Nessus | Fedora Local Security Checks | medium |