PT-2019-5867 · Dbry+6 · Wavpack+6

Rohan Padhye · Published 2019-03-03 · Updated 2024-06-15 · CVE-2019-1010315

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

WavPack versions 5.1 and earlier

Description

The issue is a division by zero in the ParseDsdiffHeaderConfig function of the dsdiff.c component of the WavPack audio codec. A remote attacker can trigger it with a maliciously crafted .wav file, crashing the application that parses the file and causing a denial of service.

Recommendations

For WavPack versions 5.1 and earlier, update to a version that includes the commit https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc to resolve the issue. As a temporary workaround, consider restricting the processing of .wav files from untrusted sources to minimize the risk of exploitation.

Exploit

Fix

Divide By Zero

Weakness Enumeration

Related Identifiers

ALSA-2020:1581
ALT-PU-2020-1107
ALT-PU-2020-2916
ALT-PU-2023-1392
BDU:2021-03438
CESA-2020_1581
CVE-2019-1010315
DLA-2525-1
MGASA-2019-0230
MGASA-2019-0231
OPENSUSE-SU-2024:11505-1
RHSA-2020:1581
RHSA-2020_1581
RLSA-2020:1581
USN-4062-1

Affected Products

Alt Linux
AlmaLinux
CentOS
Red Hat
Rocky Linux
Ubuntu
WavPack