Wavpack@* Security Vulnerabilities and Issues — Wavpack@* CVE List

Lucene search

WavpackWavpack*

9 matches found

CVE•added 2019/07/11 8:15 p.m.•265 views

CVE-2019-1010319

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https:/...

5.5CVSS5.9AI score0.01041EPSS

CVE•added 2019/07/11 8:15 p.m.•236 views

CVE-2019-1010315

WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig (dsdiff.c:282). The attack vector is: Maliciously crafted .wav file. The fixed ver...

5.5CVSS5.7AI score0.00625EPSS

CVE•added 2019/07/11 8:15 p.m.•235 views

CVE-2019-1010317

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://git...

5.5CVSS5.9AI score0.01041EPSS

CVE•added 2018/12/04 9:29 a.m.•216 views

CVE-2018-19841

The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.

5.5CVSS5.5AI score0.00471EPSS

CVE•added 2018/12/04 9:29 a.m.•214 views

CVE-2018-19840

The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.

5.5CVSS5.3AI score0.00353EPSS

CVE•added 2018/04/29 3:29 p.m.•160 views

CVE-2018-10538

An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calcu...

5.5CVSS5.7AI score0.00643EPSS

CVE•added 2018/04/29 3:29 p.m.•159 views

CVE-2018-10539

An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_cop...

5.5CVSS5.7AI score0.00616EPSS

CVE•added 2018/04/29 3:29 p.m.•145 views

CVE-2018-10540

An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy c...

5.5CVSS5.7AI score0.00375EPSS

CVE•added 2022/07/19 8:15 p.m.•101 views

CVE-2022-2476

A null pointer dereference bug was found in wavpack-5.4.0 The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ===================================================================84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x561b47a970c6 bp 0x7fff13952fb0 sp 0x...

5.5CVSS5.1AI score0.00034EPSS