#VU19215 Improper Initialization in WavPack - CVE-2019-1010319
Vulnerability identifier: #VU19215
Vulnerability risk: Low
CVSSv4.0: 5.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID:
CWE-ID:
CWE-665
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
WavPack
Client/Desktop applications /
Multimedia software
Vendor: wavpack
Description
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
WavPack: 4.50.0 - 5.1.0
External links
https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe
https://github.com/dbry/WavPack/issues/68
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
