CVE-2018-19840
MEDIUM5.5EPSS 0.50%wavpack - security update
發布日:2018/12/4修改日:2025/11/19
也稱為:ALPINE-CVE-2018-19840DEBIAN-CVE-2018-19840DEBIAN-CVE-2020-35738DLA-2525-1
描述
The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.
受影響套件(3)
- Alpine/wavpackfrom 0, < 5.1.0-r7
- Debian/wavpackfrom 0, < 5.1.0-5
- Debian/wavpackfrom 0, < 5.0.0-2+deb9u3
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.5 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |