SB2019081920 - Fedora 30 update for wavpack
Published: August 19, 2019 Updated: April 25, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Improper Initialization (CVE-ID: CVE-2019-1010317)
CWE-ID: CWE-665 - Improper Initialization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on a targeted system.
The vulnerability exists due to an uninitialized read condition in the "ParseCaffHeaderConfig()" function in the caff.c file when parsing .wav files. A remote attacker can persuade a user to access a .wav file that submits malicious input to the targeted system and perform a DoS attack.
2) Improper Initialization (CVE-ID: CVE-2019-1010319)
CWE-ID: CWE-665 - Improper Initialization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
Remediation
Install update from vendor's website.