SB2019081920 - Fedora 30 update for wavpack
Published: August 19, 2019 Updated: April 25, 2025
Security Bulletin ID
SB2019081920
Severity
Low
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Improper Initialization (CVE-ID: CVE-2019-1010317)
The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on a targeted system.
The vulnerability exists due to an uninitialized read condition in the "ParseCaffHeaderConfig()" function in the caff.c file when parsing .wav files. A remote attacker can persuade a user to access a .wav file that submits malicious input to the targeted system and perform a DoS attack.
2) Improper Initialization (CVE-ID: CVE-2019-1010319)
The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the targeted system.
The vulnerability exists due to an uninitialized read condition in the "ParseWave64HeaderConfig()" function in "wave64.c" file when parsing .wav files. A remote attacker can trick a victim to open a specially crafted .wav file and crash the affected application.
Remediation
Install update from vendor's website.