Zhangdeyue

Name of the Vulnerable Software and Affected Versions: Python versions through 3.6.4 Description: The issue concerns the `Wave read. read fmt chunk` function in `Lib/wave.py`, which does not ensure a nonzero channel value. This allows attackers to cause a denial of service via a crafted wav format audio file, resulting in a divide-by-zero error and exception. The vendor disputes this issue, stating that Python applications need to be prepared to handle a wide variety of exceptions. Recommendations: For Python versions through 3.6.4, consider adding exception handling to manage potential divide-by-zero errors when processing wav format audio files. As a temporary workaround, consider implementing checks to ensure nonzero channel values before performing operations that could lead to division by zero. At the moment, there is no information about a newer version that contains a fix for this vulnerability.