CVE-2019-1010315Divide By Zero in Wavpack

CWE-369Divide By Zero12 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
0.8%
top 26.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
WavpackDebian WavpackCanonical Ubuntu Linux+2 more
Timeline
PublishedJul 11
Latest updateJan 20

Description

WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig (dsdiff.c:282). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

debiandebian/wavpack< wavpack 5.1.0-6 (bookworm)
Debianwavpack/wavpack< 5.1.0-6+3
Ubuntuwavpack/wavpack< 5.1.0-2ubuntu1.4
NVDwavpack/wavpack5.1.0
CVEListV5wavpack/wavpack<=5.1 [fixed: After commit https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc]

Also affects: Debian Linux 9.0, Fedora 30, 31, Ubuntu Linux 18.04, 19.04

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-4jm9-v433-wx3f: WavPack 52022-05-24
OSV
wavpack vulnerabilities2019-07-16
OSV
CVE-2019-1010315: WavPack 52019-07-11

📋Vendor Advisories

3
Ubuntu
WavPack vulnerabilities2019-07-16
Red Hat
wavpack: Divide by zero in ParseDsdiffHeaderConfig leads to crash2019-07-12
Debian
CVE-2019-1010315: wavpack - WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: ...2019

📄Research Papers

1
arXiv
On the Effectiveness of Function-Level Vulnerability Detectors for Inter-Procedural Vulnerabilities2024-01-20

💬Community

4
Bugzilla
CVE-2019-1010315 wavpack: Divide by zero in ParseDsdiffHeaderConfig leads to crash2019-07-12
Bugzilla
CVE-2019-1010315 mingw-wavpack: WavPack: divide by zero in ParseDsdiffHeaderConfig leads to crash [epel-7]2019-07-12
Bugzilla
CVE-2019-1010315 wavpack: divide by zero in ParseDsdiffHeaderConfig leads to crash [fedora-all]2019-07-12
Bugzilla
CVE-2019-1010315 mingw-wavpack: WavPack: divide by zero in ParseDsdiffHeaderConfig leads to crash [fedora-all]2019-07-12