CVE-2018-19840

Published: 4 December 2018

The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package: wavpack (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Released (5.1.0-2ubuntu1.2)
cosmic     Released (5.1.0-4ubuntu0.1)
precise    Does not exist
trusty     Does not exist (trusty was released [4.70.0-1ubuntu0.2])
upstream   Released (5.1.0-5)
xenial     Released (4.75.2-2ubuntu0.2)

Patches:
upstream: https://github.com/dbry/WavPack/commit/070ef6f138956d9ea9612e69586152339dbefe51