CVE-2019-1010319

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.

References

Affected packages

Git / github.com/dbry/wavpack

Affected ranges

Type: GIT
Repo: https://github.com/dbry/wavpack
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

33a0025d1d63ccd05d9dbaa6923d52b1446a62fe

Affected versions

4.*

4.70.0

4.70.0-rc

4.75.0

4.75.0-rc

4.75.2

4.80.0

4.80.0-rc

5.*

5.0.0

5.0.0-alpha

5.0.0-alpha2

5.0.0-alpha3

5.0.0-alpha4

5.0.0-alpha5

5.1.0

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/dbry/wavpack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe",
        "id": "CVE-2019-1010319-38995bcb",
        "deprecated": false,
        "target": {
            "file": "cli/wave64.c"
        },
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "122404160467285183712511770525712175680",
                "285219514396165490106202596329857256961",
                "329377426616782729961540193952241123862"
            ]
        },
        "signature_type": "Line"
    },
    {
        "source": "https://github.com/dbry/wavpack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe",
        "id": "CVE-2019-1010319-9c2e723c",
        "deprecated": false,
        "target": {
            "function": "ParseWave64HeaderConfig",
            "file": "cli/wave64.c"
        },
        "signature_version": "v1",
        "digest": {
            "length": 6740.0,
            "function_hash": "164572977520454645612894174087013665163"
        },
        "signature_type": "Function"
    }
]