Bug 1729418 (CVE-2019-1010315) - CVE-2019-1010315 wavpack: Divide by zero in ParseDsdiffHeaderConfig leads to crash
Summary: CVE-2019-1010315 wavpack: Divide by zero in ParseDsdiffHeaderConfig leads to ...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-1010315
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1729419 1729420 1729421 1733627 1733628
Blocks: 1729422
TreeView+ depends on / blocked
 
Reported: 2019-07-12 08:43 UTC by Marian Rehak
Modified: 2020-04-28 16:33 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-04-28 16:33:23 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:1581 None None None 2020-04-28 15:27:49 UTC

Description Marian Rehak 2019-07-12 08:43:01 UTC
WavPack 5.1 and earlier in component ParseDsdiffHeaderConfig (dsdiff.c:282) has a Divide by Zero, leading to sudden crash of a software/service that tries to parse a maliciously crafted .wav file.

Upstream issue:

https://github.com/dbry/WavPack/issues/65

Upstream fix:

https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc

Comment 1 Marian Rehak 2019-07-12 08:43:21 UTC
Created mingw-wavpack tracking bugs for this issue:

Affects: epel-7 [bug 1729421]
Affects: fedora-all [bug 1729420]


Created wavpack tracking bugs for this issue:

Affects: fedora-all [bug 1729419]

Comment 7 Marco Benatto 2019-08-09 16:07:55 UTC
Statement:

This issue affects WackPack version as shipped with Red Hat Enterprise Linux 8 and was classified with 'Low' security impact by Red Hat Product Security team.
Red Hat Enterprise Linux 6 and 7 are not affected as WavPack shipped with both system versions doesn't provide support for DSD files.

Comment 9 Marco Benatto 2019-08-09 18:25:31 UTC
When parsing the dsdiff header the wavpack application tries to extract the number of channels the input file has, however this value is not validated before being used. This error can be exploited by crafting a special input file as the channel count will be used later causing a 'division by zero' error leading to DoS. It's a low impact security issue as requires user interaction and only the single run of wavpack will be affected.

Comment 10 Sergio Basto 2019-11-13 03:53:40 UTC
Fedora package is fixed , nothing that I can do here

Comment 11 errata-xmlrpc 2020-04-28 15:27:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:1581 https://access.redhat.com/errata/RHSA-2020:1581

Comment 12 Product Security DevOps Team 2020-04-28 16:33:23 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-1010315


Note You need to log in before you can comment on or make changes to this bug.