CVE-2022-2476NULL Pointer Dereference in Wavpack

CWE-476NULL Pointer Dereference7 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 91.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
WavpackDebian WavpackFedoraproject Fedora+1 more
Timeline
PublishedJul 19
Latest updateNov 10

Description

A null pointer dereference bug was found in wavpack-5.4.0 The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ===================================================================84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x561b47a970c6 bp 0x7fff13952fb0 sp 0x7fff1394fca0 T0) ==84257==The signal is caused by a WRITE memory access. ==84257==Hint: address points to the zero page. #0 0x561b47a970c5 in main cli/wvunpack.c:834 #1 0x7efc4f5c0082 in __libc_start_m

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

debiandebian/wavpack< wavpack 5.5.0-1 (bookworm)
Debianwavpack/wavpack< 5.5.0-1+2
CVEListV5wavpack/wavpack5.5.0
NVDwavpack/wavpack5.4.0

Also affects: Fedora 35, 36

🔴Vulnerability Details

2
GHSA
GHSA-62q3-hj99-8qw6: A null pointer dereference bug was found in wavpack-52022-07-20
OSV
CVE-2022-2476: A null pointer dereference bug was found in wavpack-52022-07-19

📋Vendor Advisories

4
Ubuntu
WavPack vulnerability2022-11-10
Red Hat
wavpack: null pointer dereference in main() in cli/wvunpack.c2022-07-19
Microsoft
A null pointer dereference bug was found in wavpack-5.4.0 The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ===================================================================84257==ERROR: 2022-07-12
Debian
CVE-2022-2476: wavpack - A null pointer dereference bug was found in wavpack-5.4.0 The results from the A...2022