Unrated severityOSV Advisory· Published Apr 24, 2019· Updated Aug 4, 2024
CVE-2019-11498
CVE-2019-11498
Description
WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
27- Range: 4.70.0, 4.70.0-rc, 4.75.0, …
- osv-coords25 versionspkg:rpm/almalinux/wavpackpkg:rpm/almalinux/wavpack-develpkg:rpm/opensuse/wavpack&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/wavpack&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/wavpack&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/wavpack&distro=openSUSE%20Tumbleweedpkg:rpm/suse/wavpack&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015pkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1pkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2pkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/wavpack&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/wavpack&distro=SUSE%20Manager%20Proxy%204.0pkg:rpm/suse/wavpack&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0pkg:rpm/suse/wavpack&distro=SUSE%20Manager%20Server%204.0
< 5.1.0-15.el8+ 24 more
- (no CPE)range: < 5.1.0-15.el8
- (no CPE)range: < 5.1.0-15.el8
- (no CPE)range: < 5.1.0-lp151.5.3.1
- (no CPE)range: < 5.1.0-lp151.5.3.1
- (no CPE)range: < 5.4.0-lp152.7.3.1
- (no CPE)range: < 5.4.0-1.6
- (no CPE)range: < 5.4.0-4.9.1
- (no CPE)range: < 5.4.0-4.9.1
- (no CPE)range: < 5.4.0-4.9.1
- (no CPE)range: < 5.4.0-4.9.1
- (no CPE)range: < 5.4.0-4.9.1
- (no CPE)range: < 5.1.0-4.6.1
- (no CPE)range: < 5.1.0-4.6.1
- (no CPE)range: < 5.4.0-4.9.1
- (no CPE)range: < 5.1.0-4.6.1
- (no CPE)range: < 5.1.0-4.6.1
- (no CPE)range: < 5.4.0-4.9.1
- (no CPE)range: < 5.4.0-4.9.1
- (no CPE)range: < 5.4.0-4.9.1
- (no CPE)range: < 5.4.0-4.9.1
- (no CPE)range: < 5.4.0-4.9.1
- (no CPE)range: < 5.4.0-4.9.1
- (no CPE)range: < 5.4.0-4.9.1
- (no CPE)range: < 5.4.0-4.9.1
- (no CPE)range: < 5.4.0-4.9.1
Patches
Vulnerability mechanics
References
9- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZDKXGA2ZNSSM64ZYDHOWCO4Q4VAKAON/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SCK2YJXY6V5CKGKSF2PPN7RL2DXVOC6G/mitrevendor-advisoryx_refsource_FEDORA
- security.gentoo.org/glsa/202007-19mitrevendor-advisoryx_refsource_GENTOO
- usn.ubuntu.com/3960-1/mitrevendor-advisoryx_refsource_UBUNTU
- github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4mitrex_refsource_MISC
- github.com/dbry/WavPack/issues/67mitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2021/01/msg00013.htmlmitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.