WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data. Reference: https://github.com/dbry/WavPack/issues/67 Upstream commit: https://github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4
Created mingw-wavpack tracking bugs for this issue: Affects: fedora-all [bug 1704635] Created wavpack tracking bugs for this issue: Affects: fedora-all [bug 1704636]
Created mingw-wavpack tracking bugs for this issue: Affects: epel-7 [bug 1704637]
When reading dsdiff format header WavPack expects the file to has sample rate information, if sanple rate property is missing in the file to be compressed dsdiff parser doesn't initialize it with any value. The uninitialized variable is used further when configuring the encoding engine which may lead to unexpected behavior.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1581 https://access.redhat.com/errata/RHSA-2020:1581
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-11498