Denial of service in WavPack

Published: 2018-12-05 19:38:56
Severity: Low
Patch available: YES
Number of vulnerabilities: 2
CVE ID: CVE-2018-19841, CVE-2018-19840
CVSSv3:
  5.9 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
  5.9 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CWE ID: CWE-125, CWE-835
Exploitation vector: Network
Public exploit:
  Public exploit code for vulnerability #1 is available.
  Public exploit code for vulnerability #2 is available.
Vulnerable software: WavPack
Vulnerable software versions: WavPack 4.1, WavPack 4.2, WavPack 4.22

Vendor URL: wavpack

Security Advisory

1) Out-of-bounds read

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists in the WavpackVerifySingleBlock function, defined in the open_utils.c source file, due to improper processing of WavPack lossless audio files. A remote attacker can trick the victim into accessing a malicious WavPack lossless audio file, trigger an out-of-bounds read condition and cause the affected software to crash, resulting in a DoS condition.

Remediation

Install update from vendor's website.

External links

https://github.com/dbry/WavPack/issues/54

2) Infinite loop

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists in the WavpackPackInit function, defined in the pack_utils.c source file, because the WavpackSetConfiguration64 function improperly handles a block sample rate of zero. A remote attacker can trick the victim into accessing a malicious .wav file, trigger an infinite loop condition that could consume excessive resources and cause the affected software to crash, resulting in a DoS condition.

Remediation

Install update from vendor's website.

External links

https://github.com/dbry/WavPack/issues/53
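
An added example, not WavPack's code and not part of the original advisory: a caller-side guard in C that bounds-checks the RIFF chunk walk and rejects a zero sample rate before it reaches block sizing. The names `wav_sample_rate`, `block_samples`, `probe` and `MIN_BLOCK_TOTAL` and the 36-byte header are constructed for illustration; the doubling loop is an assumed model of how a zero rate fails to terminate, not the project's implementation.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MIN_BLOCK_TOTAL 40000u /* hypothetical target, not a WavPack constant */

static uint32_t rd32(const uint8_t *p) { /* little-endian 32-bit read */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk RIFF/WAVE chunks with bounds checks; 0 on success, -1 if the input
 * is malformed, truncated, or declares a sample rate of zero. */
int wav_sample_rate(const uint8_t *buf, size_t len, uint32_t *rate) {
    if (len < 12 || memcmp(buf, "RIFF", 4) || memcmp(buf + 8, "WAVE", 4)) return -1;
    for (size_t off = 12; off <= len && len - off >= 8; ) {
        uint32_t size = rd32(buf + off + 4);
        size_t body = off + 8;
        if (size > len - body) return -1;   /* chunk claims bytes that are not there */
        if (!memcmp(buf + off, "fmt ", 4)) {
            if (size < 16) return -1;
            *rate = rd32(buf + body + 4);   /* nSamplesPerSec field */
            return *rate ? 0 : -1;          /* reject zero before any encoder sees it */
        }
        off = body + size + (size & 1);     /* chunks are padded to even length */
    }
    return -1;
}

/* Assumed model of block sizing by doubling. Without the guard, a rate of 0
 * never leaves the loop because 0 * 2 == 0. */
uint32_t block_samples(uint32_t rate, uint32_t channels) {
    if (rate == 0 || channels == 0) return 0;
    uint64_t n = rate;
    while (n * channels < MIN_BLOCK_TOTAL) n *= 2;
    return (uint32_t)n;
}
/* Constructed 36-byte header (RIFF, WAVE, one 16-byte fmt chunk, 2 channels). */
long long probe(uint32_t rate_field, size_t len) {
    uint8_t h[36] = "RIFF\x1c\0\0\0WAVEfmt \x10\0\0\0\x01\0\x02\0";
    uint32_t rate = 0;
    for (int i = 0; i < 4; i++) h[24 + i] = (uint8_t)(rate_field >> (8 * i));
    if (len > sizeof h || wav_sample_rate(h, len, &rate)) return -1;
    return block_samples(rate, 2);
}

int main(void) {
    printf("%lld %lld %lld\n", probe(44100, 36), probe(0, 36), probe(44100, 30));
    return 0;
}
```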