Astra Linux - уязвимость в wavpack

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variables. The impact includes unexpected control flow, crashes, and segfaults. The affected component is: ParseWave64HeaderConfig wave64.c:211. The attack vector is a maliciously crafted .wav file. The fixed version is: Afte...

MiracleLinux 8 : wavpack-5.1.0-15.el8 (AXSA:2020-334:01)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-334:01 advisory. wawpack: Infinite loop in WavpackPackInit function lead to DoS CVE-2018-19840 wawpack: Out-of-bounds read in WavpackVerifySingleBlock function leads ...

TencentOS Server 3: wavpack (TSSA-2022:0061)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0061 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Alibaba Cloud Linux 3 : 0061: wavpack (ALINUX3-SA-2022:0061)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0061 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2018-19840: The function WavpackPackIn...

Rocky Linux 8 : wavpack (RLSA-2020:1581)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:1581 advisory. - The function WavpackPackInit in packutils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service resource exhaustion...

SUSE CVE-2018-10537

An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks...

SUSE CVE-2018-10540

An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytestocopy...

SUSE CVE-2019-1010319

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig wave64.c:211. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...

AlmaLinux 8 : wavpack (ALSA-2020:1581)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:1581 advisory. - The function WavpackPackInit in packutils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service resource exhaustion...

Advisory ROSA-SA-2021-1995

Software: wavpack 4.60.1 OS: Cobalt 7.9 CVE-ID: CVE-2016-10169 CVE-Crit: MEDIUM CVE-DESC: The readcode function in readwords.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service read out of range via a crafted WV file. CVE-STATUS: default CVE-REV: default CVE-ID:...

SUSE: Security Advisory (SUSE-SU-2019:2191-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS 8 : wavpack (CESA-2020:1581)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:1581 advisory. - wawpack: Infinite loop in WavpackPackInit function lead to DoS CVE-2018-19840 - wawpack: Out-of-bounds read in WavpackVerifySingleBlock function lead...

RHEL 8 : wavpack (RHSA-2020:1581)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1581 advisory. WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Security...

Arbitrary Code Execution

wavpack is vulnerable to arbitrary code execution. The vulnerability exists as the W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks...

wavpack security update

5.1.0-15 - fix Out-of-bounds read in WavpackVerifySingleBlock function 1663151 - CVE-2018-19841 5.1.0-14 - fix uninitialized variable in ParseCaffHeaderConfig 1741251 - CVE-2019-1010317 5.1.0-13 - fortify parsing of .dff files 1707428, 1733627 - CVE-2019-1010315 - CVE-2019-11498 5.1.0-12 - fix...

Denial Of Service (DoS)

wavpack is vulnerable to denial of service DoS. The vulnerability exists through the use of uninitialized variable in ParseWave64HeaderConfig leads to DoS...

Low: Red Hat Security Advisory: wavpack security update

An update for wavpack is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

wavpack: Use of uninitialized variable in ParseWave64HeaderConfig leads to DoS

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig wave64.c:211. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...

ALSA-2020:1581 Low: wavpack security update

WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Security Fixes: wawpack: Infinite loop in WavpackPackInit function lead to DoS CVE-2018-19840 wawpack: Out-of-bounds read in WavpackVerifySingleBlock function leads ...

wavpack security update

An update is available for wavpack. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list WavPack is a completely open audio compression format providing lossless,...