67 matches found
CVE-2019-11498
WavpackSetConfiguration64 in packutils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service application crash via a DFF file that lacks valid sample-rate data...
CVE-2019-1010317
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig caff.c:486. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...
CVE-2019-1010319
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig wave64.c:211. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...
CVE-2019-1010317
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig caff.c:486. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...
CVE-2019-1010319
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig wave64.c:211. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...
CVE-2019-1010317
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig caff.c:486. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...
CVE-2019-1010317
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig caff.c:486. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...
CVE-2019-1010319
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig wave64.c:211. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...
CVE-2019-1010319
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig wave64.c:211. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...
Fedora 30 : wavpack (2019-1315f2dc3a)
Fix for CVE-2018-19840 CVE-2018-19841 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable...
CVE-2019-11498
WavpackSetConfiguration64 in packutils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service application crash via a DFF file that lacks valid sample-rate data...
Design/Logic Flaw
WavpackSetConfiguration64 in packutils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service application crash via a DFF file that lacks valid sample-rate data...
CVE-2019-11498
WavpackSetConfiguration64 in packutils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service application crash via a DFF file that lacks valid sample-rate data...
CVE-2019-11498
WavpackSetConfiguration64 in packutils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service application crash via a DFF file that lacks valid sample-rate data...
CVE-2019-11498
WavpackSetConfiguration64 in packutils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service application crash via a DFF file that lacks valid sample-rate data...
CVE-2018-19840
The function WavpackPackInit in packutils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service resource exhaustion caused by an infinite loop via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero...
CVE-2018-19840
The function WavpackPackInit in packutils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service resource exhaustion caused by an infinite loop via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero...
CVE-2018-19840
The function WavpackPackInit in packutils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service resource exhaustion caused by an infinite loop via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero...
CVE-2018-19841
The function WavpackVerifySingleBlock in openutils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service out-of-bounds read and application crash via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack...
CVE-2018-10538
An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytestocopy...