PT-2019-5868 · Dbry+7 · Wavpack+7
Rohan Padhye · Published 2019-03-04 · Updated 2024-06-15 · CVE-2019-1010317
CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
WavPack versions 5.1.0 and earlier
Description
The issue is related to the use of uninitialized variables in the ParseCaffHeaderConfig function of the WavPack audio codec. This can be exploited by a remote attacker using a malicious .wav file, potentially leading to unexpected control flow, crashes, and segfaults. The component affected is ParseCaffHeaderConfig in the caff.c file.
Recommendations
For WavPack versions 5.1.0 and earlier, update to a version after commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b to resolve the issue. As a temporary workaround, consider avoiding the use of .wav files from untrusted sources to minimize the risk of exploitation.
Exploit
Fix
Use of Uninitialized Resource
Affected products
ALT Linux
AlmaLinux
Astra Linux
CentOS
Red Hat
Rocky Linux
Ubuntu
WavPack