6.5

CVE-2019-11498

Exploit
WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WavpackWavpack Version <= 5.1.0
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
CanonicalUbuntu Linux Version19.04
FedoraprojectFedora Version29
FedoraprojectFedora Version30
FedoraprojectFedora Version31
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.04% 0.858
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-824 Access of Uninitialized Pointer

The product accesses or uses a pointer that has not been initialized.

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/
https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html
Third Party Advisory
Mailing List
https://security.gentoo.org/glsa/202007-19
Third Party Advisory
https://github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4
Patch
Third Party Advisory
https://github.com/dbry/WavPack/issues/67
Third Party Advisory
Exploit
Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZDKXGA2ZNSSM64ZYDHOWCO4Q4VAKAON/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SCK2YJXY6V5CKGKSF2PPN7RL2DXVOC6G/
https://usn.ubuntu.com/3960-1/
Third Party Advisory