Download
| Alert*
oval:org.secpod.oval:def:57802
wavpack: audio codec - encoder and decoder WavPack could be made to crash if it received a specially crafted WAV file. oval:org.secpod.oval:def:66772 WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Security Fix: * wawpack: Infinite loop in WavpackPackInit function lead to DoS * wawpack: Out-of-bounds read in WavpackVerifySingleBlock function leads to DoS * wavpa ... oval:org.secpod.oval:def:705065 wavpack: audio codec - encoder and decoder WavPack could be made to crash if it received a specially crafted WAV file. oval:org.secpod.oval:def:59755 WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service via a DFF file that lacks valid sample-rate data.WavPack 5.1 and earlier in componen ... oval:org.secpod.oval:def:1504203 [5.1.0-15] - fix Out-of-bounds read in WavpackVerifySingleBlock function - CVE-2018-19841 [5.1.0-14] - fix uninitialized variable in ParseCaffHeaderConfig - CVE-2019-1010317 [5.1.0-13] - fortify parsing of .dff files - CVE-2019-1010315 - CVE-2019-11498 [5.1.0-12] - fix possible infinite loop in W ... oval:org.secpod.oval:def:2500146 WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. oval:org.secpod.oval:def:69488 WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Security Fix: * wawpack: Infinite loop in WavpackPackInit function lead to DoS * wawpack: Out-of-bounds read in WavpackVerifySingleBlock function leads to DoS * wavpa ... oval:org.secpod.oval:def:2004936 WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig . The attack vector is: Maliciously crafted .wav file. The fixed version is: After ... |