Описание
The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.
Отчет
This issue did not affect the versions of wavpack as shipped with Red Hat Enterprise Linux 6 and 7.
Затронутые пакеты
Платформа | Пакет | Состояние | Рекомендация | Релиз |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | wavpack | Not affected | ||
Red Hat Enterprise Linux 7 | wavpack | Not affected | ||
Red Hat Enterprise Linux 8 | mingw-wavpack | Fix deferred | ||
Red Hat Enterprise Linux 8 | wavpack | Fixed | RHSA-2020:1581 | 28.04.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
3.3 Low
CVSS3
Связанные уязвимости
The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.
The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.
The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a ...
The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.
Уязвимость функции WavpackVerifySingleBlock компонента open_utils.c аудиокодека WavPack, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
3.3 Low
CVSS3