Описание
Security update for wavpack
This update for wavpack fixes the following issues:
Security issues fixed:
- CVE-2018-19840: Fixed a denial-of-service in the WavpackPackInit function from pack_utils.c (bsc#1120930)
- CVE-2018-19841: Fixed a denial-of-service in the WavpackVerifySingleBlock function from open_utils.c (bsc#1120929)
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
libwavpack1-5.1.0-lp150.3.3.1
libwavpack1-32bit-5.1.0-lp150.3.3.1
wavpack-5.1.0-lp150.3.3.1
wavpack-devel-5.1.0-lp150.3.3.1
Ссылки
- E-Mail link for openSUSE-SU-2019:1145-1
- SUSE Security Ratings
- SUSE Bug 1120929
- SUSE Bug 1120930
- SUSE CVE CVE-2018-19840 page
- SUSE CVE CVE-2018-19841 page
Описание
The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.
Затронутые продукты
openSUSE Leap 15.0:libwavpack1-32bit-5.1.0-lp150.3.3.1
openSUSE Leap 15.0:libwavpack1-5.1.0-lp150.3.3.1
openSUSE Leap 15.0:wavpack-5.1.0-lp150.3.3.1
openSUSE Leap 15.0:wavpack-devel-5.1.0-lp150.3.3.1
Ссылки
- CVE-2018-19840
- SUSE Bug 1120930
Описание
The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.
Затронутые продукты
openSUSE Leap 15.0:libwavpack1-32bit-5.1.0-lp150.3.3.1
openSUSE Leap 15.0:libwavpack1-5.1.0-lp150.3.3.1
openSUSE Leap 15.0:wavpack-5.1.0-lp150.3.3.1
openSUSE Leap 15.0:wavpack-devel-5.1.0-lp150.3.3.1
Ссылки
- CVE-2018-19841
- SUSE Bug 1120929