Bug 1737740 (CVE-2019-1010319) - CVE-2019-1010319 wavpack: Use of uninitialized variable in ParseWave64HeaderConfig leads to DoS
Summary: CVE-2019-1010319 wavpack: Use of uninitialized variable in ParseWave64HeaderC...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-1010319
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1741202 1737741 1737742 1737743 1741200
Blocks: 1737752
TreeView+ depends on / blocked
 
Reported: 2019-08-06 07:09 UTC by Marian Rehak
Modified: 2020-04-28 16:33 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-04-28 16:33:39 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:1581 None None None 2020-04-28 15:27:52 UTC

Description Marian Rehak 2019-08-06 07:09:56 UTC
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is:Maliciously crafted .wav file.

Upstream Issue:

https://github.com/dbry/WavPack/issues/68

Upstream Patch:

https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe

Comment 1 Marian Rehak 2019-08-06 07:10:17 UTC
Created mingw-wavpack tracking bugs for this issue:

Affects: epel-7 [bug 1737741]
Affects: fedora-all [bug 1737743]


Created wavpack tracking bugs for this issue:

Affects: fedora-all [bug 1737742]

Comment 6 Marco Benatto 2019-08-14 13:57:52 UTC
Statement:

This issue affects the versions of wavpack as shipped with Red Hat Enterprise Linux 8. This flaw has been classified as 'Low' regarding the security impact by the Red Hat Product Security Team.
Red Hat Enterprise Linux versions prior than the mentioned before are not affected as wavpack shipped with those versions doesn't support the file format required.

Comment 9 Marco Benatto 2019-08-14 14:42:58 UTC
wavpack application doesn't properly initialize the WaveHeader data structure. When parsing Wave64 file's header without the number of channels information it eventually lead to a 'Division by zero' exception causing DoS. This has a low impact as only the single run from a single user opening the crafted file will be affected.

Comment 10 errata-xmlrpc 2020-04-28 15:27:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:1581 https://access.redhat.com/errata/RHSA-2020:1581

Comment 11 Product Security DevOps Team 2020-04-28 16:33:39 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-1010319


Note You need to log in before you can comment on or make changes to this bug.