Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-1010319

Опубликовано: 06 авг. 2019
Источник: redhat
CVSS3: 2.5
EPSS Низкий

Описание

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.

Отчет

This issue affects the versions of wavpack as shipped with Red Hat Enterprise Linux 8. This flaw has been classified as 'Low' regarding the security impact by the Red Hat Product Security Team. Red Hat Enterprise Linux versions prior than the mentioned before are not affected as wavpack shipped with those versions doesn't support the file format required.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6wavpackNot affected
Red Hat Enterprise Linux 7wavpackNot affected
Red Hat Enterprise Linux 8wavpackFixedRHSA-2020:158128.04.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-665->CWE-369
https://bugzilla.redhat.com/show_bug.cgi?id=1737740wavpack: Use of uninitialized variable in ParseWave64HeaderConfig leads to DoS

EPSS

Процентиль: 76%
0.01041
Низкий

2.5 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-1010319

CVSS3: 5.5
ubuntu
около 6 лет назад

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.

nvd логотип

CVE-2019-1010319

CVSS3: 5.5
nvd
около 6 лет назад

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.

debian логотип

CVE-2019-1010319

CVSS3: 5.5
debian
около 6 лет назад

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialize ...

github логотип

GHSA-m7x8-vqr5-hrmv

github
около 3 лет назад

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.

fstec логотип

BDU:2021-03440

CVSS3: 6.5
fstec
больше 6 лет назад

Уязвимость функции ParseWave64HeaderConfig компонента wave64.c аудиокодека WavPack, связанная с использованием неинициализированных ранее переменных, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 76%
0.01041
Низкий

2.5 Low

CVSS3