CVE-2019-1010319 — Use of Uninitialized Variable in Wavpack
Severity
5.5MEDIUMNVD
EPSS
1.5%
top 18.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 11
Latest updateMay 24
Description
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages5 packages
▶CVEListV5wavpack/wavpack<=5.1.0 [fixed: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe]
Also affects: Debian Linux 9.0, Fedora 29, 30, 31, Ubuntu Linux 18.04, 19.04
Patches
🔴Vulnerability Details
3📋Vendor Advisories
3💬Community
4Bugzilla▶
CVE-2019-1010319 wavpack: Use of uninitialized variable in ParseWave64HeaderConfig leads to DoS↗2019-08-06
Bugzilla▶
CVE-2019-1010319 wavpack: use of uninitialized variable in ParseWave64HeaderConfig leads to DoS [fedora-all]↗2019-08-06
Bugzilla▶
CVE-2019-1010319 mingw-wavpack: wavpack: use of uninitialized variable in ParseWave64HeaderConfig leads to DoS [epel-7]↗2019-08-06
Bugzilla▶
CVE-2019-1010319 mingw-wavpack: wavpack: use of uninitialized variable in ParseWave64HeaderConfig leads to DoS [fedora-all]↗2019-08-06