PT-2019-5867 · Dbry+6 · Wavpack+6

Rohan Padhye · Published 2019-03-03 · Updated 2024-06-15 · CVE-2019-1010315

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions
WavPack versions 5.1 and earlier

Description
The issue is a division by zero error in the ParseDsdiffHeaderConfig function of the dsdiff.c component in the WavPack audio codec. A remote attacker can exploit it with a maliciously crafted .wav file, causing a denial of service through a crash.

Recommendations
For WavPack versions 5.1 and earlier, update to a version after the commit https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc to resolve the issue. As a temporary workaround, consider restricting the use of potentially malicious .wav files to minimize the risk of exploitation.

Exploit

Fix

Divide By Zero

Weakness Enumeration

Related Identifiers

ALSA-2020:1581
ALT-PU-2020-1107
ALT-PU-2020-2916
ALT-PU-2023-1392
BDU:2021-03438
CESA-2020_1581
CVE-2019-1010315
DLA-2525-1
MGASA-2019-0230
MGASA-2019-0231
OPENSUSE-SU-2024:11505-1
RHSA-2020:1581
RHSA-2020_1581
RLSA-2020:1581
USN-4062-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Red Hat
Rocky Linux
Ubuntu
WavPack