CVE-2019-1010315

Published: 12 Jul 2019
Source: redhat
CVSS3: 4.3
EPSS: Low

Description

WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig (dsdiff.c:282). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc.

Report

This issue affects the WavPack version as shipped with Red Hat Enterprise Linux 8 and was classified with 'Low' security impact by the Red Hat Product Security team. Red Hat Enterprise Linux 6 and 7 are not affected, as the WavPack shipped with both system versions doesn't provide support for DSD files.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | wavpack | Not affected | | |
| Red Hat Enterprise Linux 7 | wavpack | Not affected | | |
| Red Hat Enterprise Linux 8 | mingw-wavpack | Fix deferred | | |
| Red Hat Enterprise Linux 8 | wavpack | Fixed | RHSA-2020:1581 | 28.04.2020 |

Additional information

Status: Low
Defect: CWE-369
https://bugzilla.redhat.com/show_bug.cgi?id=1729418 wavpack: Divide by zero in ParseDsdiffHeaderConfig leads to crash

EPSS

Percentile: 69%
0.00625
Low

4.3 Medium

CVSS3

Related vulnerabilities

CVSS3: 5.5
ubuntu
about 6 years ago

CVSS3: 5.5
nvd
about 6 years ago

CVSS3: 5.5
debian
about 6 years ago

WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The i ...

CVSS3: 5.5
github
about 3 years ago

CVSS3: 6.5
fstec
more than 6 years ago

Vulnerability in the ParseDsdiffHeaderConfig function of the dsdiff.c component of the WavPack audio codec, related to division by zero, allowing an attacker to cause a denial of service
