Back to search
CVE-2018-19840
Published: Dec 4, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://github.com/dbry/WavPack/issues/53
x_refsource_MISC
USN-3839-1
vendor-advisory
x_refsource_UBUNTU
openSUSE-SU-2019:1145
vendor-advisory
x_refsource_SUSE
FEDORA-2019-1315f2dc3a
vendor-advisory
x_refsource_FEDORA
FEDORA-2019-88f264563f
vendor-advisory
x_refsource_FEDORA
FEDORA-2019-235c682f35
vendor-advisory
x_refsource_FEDORA
20191219 [slackware-security] wavpack (SSA:2019-353-01)
mailing-list
x_refsource_BUGTRAQ
FEDORA-2020-e55567b6be
vendor-advisory
x_refsource_FEDORA
FEDORA-2020-73274c9df4
vendor-advisory
x_refsource_FEDORA
GLSA-202007-19
vendor-advisory
x_refsource_GENTOO
[debian-lts-announce] 20210115 [SECURITY] [DLA 2525-1] wavpack security update
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now