Bug 1737740 (CVE-2019-1010319)
Summary: | CVE-2019-1010319 wavpack: Use of uninitialized variable in ParseWave64HeaderConfig leads to DoS | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Marian Rehak <mrehak> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | lemenkov, mlichvar, rh-spice-bugs, tkorbar, valtri |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-04-28 16:33:39 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1737741, 1737742, 1737743, 1741200, 1741202 | ||
Bug Blocks: | 1737752 |
Description
Marian Rehak
2019-08-06 07:09:56 UTC
Created mingw-wavpack tracking bugs for this issue: Affects: epel-7 [bug 1737741] Affects: fedora-all [bug 1737743] Created wavpack tracking bugs for this issue: Affects: fedora-all [bug 1737742] Statement: This issue affects the versions of wavpack as shipped with Red Hat Enterprise Linux 8. This flaw has been classified as 'Low' regarding the security impact by the Red Hat Product Security Team. Red Hat Enterprise Linux versions prior than the mentioned before are not affected as wavpack shipped with those versions doesn't support the file format required. wavpack application doesn't properly initialize the WaveHeader data structure. When parsing Wave64 file's header without the number of channels information it eventually lead to a 'Division by zero' exception causing DoS. This has a low impact as only the single run from a single user opening the crafted file will be affected. This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1581 https://access.redhat.com/errata/RHSA-2020:1581 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-1010319 |