Unrated severity · NVD Advisory · Published Dec 4, 2018 · Updated Aug 5, 2024
CVE-2018-19840
Description
The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.
Affected products
- pkg:rpm/almalinux/wavpack (no CPE), range: < 5.1.0-15.el8
- pkg:rpm/almalinux/wavpack-devel (no CPE), range: < 5.1.0-15.el8
- pkg:rpm/opensuse/wavpack&distro=openSUSE%20Leap%2015.0 (no CPE), range: < 5.1.0-lp150.3.3.1
- pkg:rpm/opensuse/wavpack&distro=openSUSE%20Leap%2015.1 (no CPE), range: < 5.4.0-lp151.5.6.1
- pkg:rpm/opensuse/wavpack&distro=openSUSE%20Leap%2015.2 (no CPE), range: < 5.4.0-lp152.7.3.1
- pkg:rpm/opensuse/wavpack&distro=openSUSE%20Tumbleweed (no CPE), range: < 5.4.0-1.6
- pkg:rpm/suse/wavpack&distro=SUSE%20Enterprise%20Storage%206 (no CPE), range: < 5.4.0-4.9.1
- pkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS (no CPE), range: < 5.4.0-4.9.1
- pkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS (no CPE), range: < 5.4.0-4.9.1
- pkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS (no CPE), range: < 5.4.0-4.9.1
- pkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS (no CPE), range: < 5.4.0-4.9.1
- pkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 (no CPE), range: < 5.1.0-4.3.5
- pkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 (no CPE), range: < 5.4.0-4.9.1
- pkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015 (no CPE), range: < 5.1.0-4.3.5
- pkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2 (no CPE), range: < 5.4.0-4.9.1
- pkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 (no CPE), range: < 4.50.1-1.30.1
- pkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 4.60.99-5.6.3
- pkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL (no CPE), range: < 5.4.0-4.9.1
- pkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS (no CPE), range: < 5.4.0-4.9.1
- pkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS (no CPE), range: < 5.4.0-4.9.1
- pkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 (no CPE), range: < 4.50.1-1.30.1
- pkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 4.60.99-5.6.3
- pkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 (no CPE), range: < 5.4.0-4.9.1
- pkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 (no CPE), range: < 5.4.0-4.9.1
- pkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4 (no CPE), range: < 4.50.1-1.30.1
- pkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (no CPE), range: < 4.60.99-5.6.3
- pkg:rpm/suse/wavpack&distro=SUSE%20Manager%20Proxy%204.0 (no CPE), range: < 5.4.0-4.9.1
- pkg:rpm/suse/wavpack&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0 (no CPE), range: < 5.4.0-4.9.1
- pkg:rpm/suse/wavpack&distro=SUSE%20Manager%20Server%204.0 (no CPE), range: < 5.4.0-4.9.1
References
- lists.opensuse.org/opensuse-security-announce/2019-04/msg00029.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BLSOEVEKF4VNNVNZ2AN46BJUT4TGVWT/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZGXJUHCGQI6XKLCBUZHXPYIIWMFWA22/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVVKOBJR5APOB3KWUWJ4UWQHUBZQL6C6/ (mitre, vendor-advisory, x_refsource_FEDORA)
- security.gentoo.org/glsa/202007-19 (mitre, vendor-advisory, x_refsource_GENTOO)
- usn.ubuntu.com/3839-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html (mitre, x_refsource_MISC)
- github.com/dbry/WavPack/commit/070ef6f138956d9ea9612e69586152339dbefe51 (mitre, x_refsource_MISC)
- github.com/dbry/WavPack/issues/53 (mitre, x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2021/01/msg00013.html (mitre, mailing-list, x_refsource_MLIST)
- seclists.org/bugtraq/2019/Dec/37 (mitre, mailing-list, x_refsource_BUGTRAQ)