PT-2018-3708 · Wavpack+7

Hongxuchen · Published 2018-11-29 · Updated 2024-06-15 · CVE-2018-19841

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: WavPack versions through 5.1.0

Description: The issue is in the WavpackVerifySingleBlock function in the open_utils.c component of the WavPack audio codec and involves an out-of-bounds read of a data buffer. A remote attacker can exploit it with a specially crafted WavPack lossless audio file, leading to a denial of service (application crash).

Recommendations: For versions through 5.1.0, consider updating to a version that contains a fix for this issue, as a specially crafted WavPack file can cause an application crash. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Out of bounds Read


Weakness Enumeration

Related Identifiers

ALSA-2020:1581
ALT-PU-2020-1107
ALT-PU-2020-2916
ALT-PU-2023-1392
BDU:2021-03455
CESA-2020_1581
CVE-2018-19841
DLA-2525-1
MGASA-2019-0045
OPENSUSE-SU-2019:1145-1
OPENSUSE-SU-2019_1145-1
OPENSUSE-SU-2021:0153-1
OPENSUSE-SU-2021:0154-1
OPENSUSE-SU-2021_0153-1
OPENSUSE-SU-2021_0154-1
OPENSUSE-SU-2024:11505-1
RHSA-2020:1581
RHSA-2020_1581
RLSA-2020:1581
SUSE-SU-2019:0772-1
SUSE-SU-2021:0186-1
USN-3839-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Red Hat
Rocky Linux
SUSE
Ubuntu
WavPack