PT-2018-3708 · Wavpack+7 · Wavpack+7

Hongxuchen

Publicado

2018-11-29

Atualizado

2024-06-15

CVE-2018-19841

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions WavPack versions through 5.1.0

Description The issue is related to the WavpackVerifySingleBlock function in the open utils.c component of the WavPack audio codec, which is associated with an out-of-bounds read of data buffer. This can be exploited by a remote attacker using a specially crafted WavPack lossless audio file, leading to a denial-of-service (application crash).

Recommendations For versions through 5.1.0, consider updating to a version that contains a fix for this issue, as using a specially crafted WavPack file can cause an application crash. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

ALSA-2020:1581

ALT-PU-2020-1107

ALT-PU-2020-2916

ALT-PU-2023-1392

BDU:2021-03455

CESA-2020_1581

CVE-2018-19841

DLA-2525-1

MGASA-2019-0045

OPENSUSE-SU-2019:1145-1

OPENSUSE-SU-2019_1145-1

OPENSUSE-SU-2021:0153-1

OPENSUSE-SU-2021:0154-1

OPENSUSE-SU-2021_0153-1

OPENSUSE-SU-2021_0154-1

OPENSUSE-SU-2024:11505-1

RHSA-2020:1581

RHSA-2020_1581

RLSA-2020:1581

SUSE-SU-2019:0772-1

SUSE-SU-2021:0186-1

USN-3839-1

Produtos afetados

Alt Linux

Almalinux

Centos

Red Hat

Rocky Linux

Suse

Ubuntu

Wavpack

PT-2018-3708 · Wavpack+7 · Wavpack+7

CVE-2018-19841

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 91