Описание
Security update for wavpack
This update for wavpack fixes the following issues:
Security issues fixed:
- CVE-2018-19840: Fixed a denial-of-service in the WavpackPackInit function from pack_utils.c (bsc#1120930)
Список пакетов
SUSE Linux Enterprise Server 11 SP4
libwavpack1-4.50.1-1.30.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libwavpack1-4.50.1-1.30.1
SUSE Linux Enterprise Software Development Kit 11 SP4
wavpack-4.50.1-1.30.1
wavpack-devel-4.50.1-1.30.1
Ссылки
- Link for SUSE-SU-2019:13990-1
- E-Mail link for SUSE-SU-2019:13990-1
- SUSE Security Ratings
- SUSE Bug 1120930
- SUSE CVE CVE-2018-19840 page
Описание
The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libwavpack1-4.50.1-1.30.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwavpack1-4.50.1-1.30.1
SUSE Linux Enterprise Software Development Kit 11 SP4:wavpack-4.50.1-1.30.1
SUSE Linux Enterprise Software Development Kit 11 SP4:wavpack-devel-4.50.1-1.30.1
Ссылки
- CVE-2018-19840
- SUSE Bug 1120930