CVE-2019-1010317 — Use of Uninitialized Variable in Wavpack

CWE-457 — Use of Uninitialized Variable CWE-908 — Use of Uninitialized Resource CWE-20 — Improper Input Validation CWE-665 — Improper Initialization11 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

1.5%

top 18.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wavpack Debian Wavpack Canonical Ubuntu Linux +2 more

Timeline

PublishedJul 11

Latest updateMay 24

Description

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶debiandebian/wavpack< wavpack 5.1.0-7 (bookworm)

▶Debianwavpack/wavpack< 5.1.0-7+3

▶Ubuntuwavpack/wavpack< 5.1.0-2ubuntu1.4

▶NVDwavpack/wavpack5.1.0

▶CVEListV5wavpack/wavpack5.1.0 and earlier [fixed: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b]

Also affects: Debian Linux 9.0, Fedora 29, 30, 31, Ubuntu Linux 18.04, 19.04

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-7wf6-38w5-gjg5: WavPack 5↗2022-05-24

▶

OSV

wavpack vulnerabilities↗2019-07-16

▶

OSV

CVE-2019-1010317: WavPack 5↗2019-07-11

▶

📋Vendor Advisories

Red Hat

wavpack: Use of uninitialized variable in ParseCaffHeaderConfig leads to DoS↗2019-08-06

▶

Ubuntu

WavPack vulnerabilities↗2019-07-16

▶

Debian

CVE-2019-1010317: wavpack - WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable...↗2019

▶

💬Community

Bugzilla

CVE-2019-1010317 mingw-wavpack: wavpack: use of uninitialized variable in ParseCaffHeaderConfig leads to DoS [epel-7]↗2019-08-06

▶

Bugzilla

CVE-2019-1010317 wavpack: use of uninitialized variable in ParseCaffHeaderConfig leads to DoS [fedora-all]↗2019-08-06

▶

Bugzilla

CVE-2019-1010317 wavpack: Use of uninitialized variable in ParseCaffHeaderConfig leads to DoS↗2019-08-06

▶

Bugzilla

CVE-2019-1010317 mingw-wavpack: wavpack: use of uninitialized variable in ParseCaffHeaderConfig leads to DoS [fedora-all]↗2019-08-06

▶