Advisory ROSA-SA-2021-1995

Software: wavpack 4.60.1
OS: Cobalt 7.9

CVE-ID: CVE-2016-10169
CVE-Crit: MEDIUM
CVE-DESC: The read_code function in read_words.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (read out of range) via a crafted WV file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-10170
CVE-Crit: MEDIUM
CVE-DESC: The WriteCaffHeader function in cli / caff.c in Wavpack before version 5.1.0 allows remote attackers to cause a denial of service (read out of range) via a crafted WV file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-10171
CVE-Crit: MEDIUM
CVE-DESC: The unreorder_channels function in cli / wvunpack.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (read out of range) via a crafted WV file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-10172
CVE-Crit: MEDIUM
CVE-DESC: The read_new_config_info function in open_utils.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (read out of range) via a crafted WV file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-10536
CVE-Crit: HIGH
CVE-DESC: An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject fragments of multiple formats.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-10537
CVE-Crit: HIGH
CVE-DESC: The issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows write-to-memory because ParseWave64HeaderConfig in wave64.c does not reject fragments of multiple formats.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-10538
CVE-Crit: MEDIUM
CVE-DESC: in WavPack 5.1.0 and earlier, there was a problem for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not check the size of unknown fragments before attempting to allocate memory, due to the lack of integer overflow protection in the bytes_to_copy calculation and subsequent call to malloc, resulting in insufficient memory allocation .
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-10539
CVE-Crit: MEDIUM
CVE-DESC: In WavPack 5.1.0 and earlier, a problem was discovered for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not check the size of unknown fragments before attempting to allocate memory, which is due to the lack of integer overflow protection in the bytes_to_copy calculation and subsequent call to malloc, resulting in insufficient memory allocation .
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-10540
CVE-Crit: MEDIUM
CVE-DESC: a problem was found in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not check the size of unknown fragments before attempting to allocate memory, due to the lack of integer overflow protection in the bytes_to_copy calculation and subsequent call to malloc, resulting in insufficient memory allocation .
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-19840
CVE-Crit: MEDIUM
CVE-DESC: The WavpackPackInit function in pack_utils.c in libwavpack.a in WavPack before 5.1.0 allows attackers to cause a denial of service (resource exhaustion caused by an infinite loop) via a created wav audio file because WavpackSetConfiguration64 incorrectly handles sample rate zero.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-19841.
CVE-Crit: MEDIUM
CVE-DESC: The WavpackVerifySingleBlock function in open_utils.c in libwavpack.a in WavPack before 5.1.0 allows attackers to cause a denial of service (read out of range and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2019-1010315
CVE-Crit: MEDIUM
CVE-DESC: WavPack 5.1 and earlier versions are affected by: CWE 369: Divide by Zero. The consequences are as follows: division by zero can cause a program / service that is trying to analyze a .wav file to suddenly crash. This is component: ParseDsdiffHeaderConfig (dsdiff.c: 282). Attack vector: Malicious .wav file. Fixed Version: After fixing https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc.
CVE-STATUS: Default
CVE-REV: Default

CVE-ID: CVE-2019-1010317
CVE-Crit: MEDIUM
CVE-DESC: WavPack 5.1.0 and earlier versions are affected by: CWE-457: Use of an uninitialized variable. Consequences: unexpected control flow, crashes and failures. Component: ParseCaffHeaderConfig (caff.c: 486). Attack vector: Malicious .wav file. Fixed Version: After fixing https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b.
CVE-STATUS: Default
CVE-REV: Default

CVE-ID: CVE-2019-11498
CVE-Crit: MEDIUM
CVE-DESC: WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack before 5.1.0 has a “Conditional transition or move depends on an uninitialized value” condition that could allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample rate data.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2019-1010319
CVE-Crit: MEDIUM
CVE-DESC: WavPack 5.1.0 and earlier versions are affected by: CWE-457: Use of an uninitialized variable. Consequences: unexpected control flow, crashes and failures. This is component: ParseWave64HeaderConfig (wave64.c: 211). Attack vector: Malicious .wav file. Fixed Version: After fixing https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.
CVE-STATUS: Default
CVE-REV: default