Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-1010317

Опубликовано: 06 авг. 2019
Источник: redhat
CVSS3: 3.3
EPSS Низкий

Описание

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b.

Отчет

This issue affects wavpack versions as shipped with Red Hat Enterprise Linux 8. The security impact for this flaw was calculated as 'Low' by the Red Hat Product Security Team. Previous Red Hat Enterprise Linux versions are not affected as wavpack shipped with it doesn't support CAF file format, which is needed to reach the code where the flaw resides at.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6wavpackNot affected
Red Hat Enterprise Linux 7wavpackNot affected
Red Hat Enterprise Linux 8wavpackFixedRHSA-2020:158128.04.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-20->CWE-665
https://bugzilla.redhat.com/show_bug.cgi?id=1737747wavpack: Use of uninitialized variable in ParseCaffHeaderConfig leads to DoS

EPSS

Процентиль: 77%
0.01041
Низкий

3.3 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-1010317

CVSS3: 5.5
ubuntu
около 6 лет назад

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b.

nvd логотип

CVE-2019-1010317

CVSS3: 5.5
nvd
около 6 лет назад

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b.

debian логотип

CVE-2019-1010317

CVSS3: 5.5
debian
около 6 лет назад

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialize ...

github логотип

GHSA-7wf6-38w5-gjg5

CVSS3: 5.5
github
около 3 лет назад

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b.

fstec логотип

BDU:2021-03439

CVSS3: 6.5
fstec
больше 6 лет назад

Уязвимость функции ParseCaffHeaderConfig компонента caff.c аудиокодека WavPack, связанная с использованием неинициализированных ранее переменных, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 77%
0.01041
Низкий

3.3 Low

CVSS3