CVE-2018-19841 — Out-of-bounds Read in Wavpack

CWE-125 — Out-of-bounds Read11 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.6%

top 30.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wavpack Debian Wavpack Canonical Ubuntu Linux +3 more

Timeline

PublishedDec 4

Latest updateMay 13

Description

The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶debiandebian/wavpack< wavpack 5.1.0-5 (bookworm)

▶Debianwavpack/wavpack< 5.1.0-5+3

▶Ubuntuwavpack/wavpack< 4.70.0-1ubuntu0.2+2

▶NVDwavpack/wavpack5.1.0

▶NVDopensuse/leap15.0

Also affects: Debian Linux 9.0, Fedora 28, 29, 30, 31, Ubuntu Linux 14.04, 16.04, 18.04, 18.10

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-9mrm-pr49-g65g: The function WavpackVerifySingleBlock in open_utils↗2022-05-13

▶

OSV

wavpack vulnerabilities↗2018-12-06

▶

OSV

CVE-2018-19841: The function WavpackVerifySingleBlock in open_utils↗2018-12-04

▶

📋Vendor Advisories

Ubuntu

WavPack vulnerabilities↗2018-12-06

▶

Red Hat

wawpack: Out-of-bounds read in WavpackVerifySingleBlock function leads to DoS↗2018-11-29

▶

Debian

CVE-2018-19841: wavpack - The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack...↗2018

▶

💬Community

Bugzilla

CVE-2018-19841 wawpack: Out-of-bounds read in WavpackVerifySingleBlock function leads to DoS↗2018-12-21

▶

Bugzilla

CVE-2018-19840 CVE-2018-19841 wavpack: various flaws [fedora-all]↗2018-12-21

▶

Bugzilla

CVE-2018-19840 CVE-2018-19841 mingw-wavpack: various flaws [epel-7]↗2018-12-21

▶

Bugzilla

CVE-2018-19840 CVE-2018-19841 mingw-wavpack: various flaws [fedora-all]↗2018-12-21

▶