5.5
CVE-2019-1010319
- EPSS 1.38%
- Published 11.07.2019 20:15:12
- Last modified 21.11.2024 04:18:10
- Source josh@bress.net
- Teams watchlist Login
- Open Login
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.
Data is provided by the National Vulnerability Database (NVD)
Fedoraproject ≫ Fedora Version29
Fedoraproject ≫ Fedora Version30
Fedoraproject ≫ Fedora Version31
Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version19.04
Debian ≫ Debian Linux Version9.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.38% | 0.797 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-457 Use of Uninitialized Variable
The code uses a variable that has not been initialized, leading to unpredictable or unintended results.
CWE-908 Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.