4.3
CVSSv2

CVE-2019-1010319

Published: 11/07/2019 Updated: 16/07/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

WavPack 5.1.0 and previous versions is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.

Vulnerability Trend

Affected Products

Vendor Product Versions
WavpackWavpack5.1.0

Vendor Advisories

Debian Bug report logs - #932060 wavpack: CVE-2019-1010317 Package: src:wavpack; Maintainer for src:wavpack is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 14 Jul 2019 15:27:02 UTC Severity: important Tags: security, upstream Fou ...
Debian Bug report logs - #932061 wavpack: CVE-2019-1010319 Package: src:wavpack; Maintainer for src:wavpack is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 14 Jul 2019 15:30:02 UTC Severity: important Tags: security, upstream Fou ...
Impact: Moderate Public Date: 2019-08-06 CWE: CWE-665 Bugzilla: 1737740: CVE-2019-1010319 wavpack: use ...
WavPack could be made to crash if it received a specially crafted WAV file ...