CVE-2021-44269

Published: 23 Nov 2021
Source: redhat
CVSS3: 3.5
EPSS: Low

Description

An out-of-bounds read was found in WavPack 5.4.0 when processing *.WAV files. The issue is triggered in the function WavpackPackSamples in src/pack_utils.c: the tainted variable cnt is too large, which makes the pointer sptr read beyond the heap bound.

A heap out-of-bounds read flaw was found in WavPack's WavpackPackSamples() function in src/pack_utils.c. It affects only the WavPack command-line program (not libwavpack). An attacker can exploit this flaw against a website that runs the WavPack command-line program on user-provided files, causing a denial of service.

Report

Red Hat Product Security has rated this issue as having a Low security impact, and since Red Hat Enterprise Linux 6, 7 are Out-of-Support-Scope, the issue is not currently planned to be addressed in future updates. Only Important and Critical severity flaws will be addressed at this time. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | wavpack | Out of support scope | | |
| Red Hat Enterprise Linux 7 | wavpack | Out of support scope | | |
| Red Hat Enterprise Linux 8 | wavpack | Fixed | RHSA-2022:7558 | 08.11.2022 |
| Red Hat Enterprise Linux 9 | wavpack | Fixed | RHSA-2022:8139 | 15.11.2022 |

Additional information

Status: Low
Defect: CWE-125
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2064457 (wavpack: Heap out-of-bounds read in WavpackPackSamples())

EPSS

Percentile: 20%
0.00064
Low

CVSS3

3.5 Low

Related vulnerabilities

CVSS3: 5.5
ubuntu
more than 3 years ago

An out-of-bounds read was found in WavPack 5.4.0 when processing *.WAV files. The issue is triggered in the function WavpackPackSamples in src/pack_utils.c: the tainted variable cnt is too large, which makes the pointer sptr read beyond the heap bound.

CVSS3: 5.5
nvd
more than 3 years ago

An out-of-bounds read was found in WavPack 5.4.0 when processing *.WAV files. The issue is triggered in the function WavpackPackSamples in src/pack_utils.c: the tainted variable cnt is too large, which makes the pointer sptr read beyond the heap bound.

CVSS3: 5.5
debian
more than 3 years ago

An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV f ...

suse-cvrf
more than 3 years ago

Security update for wavpack

suse-cvrf
more than 3 years ago

Security update for wavpack
