Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Required
Privileges Required
None
Attack Vector
Network
0

CVE-2019-11498

Disclosure Date: April 24, 2019
CVE-2019-11498 CVSS v3 Base Score: 6.5
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a “Conditional jump or move depends on uninitialised value” condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
6.5 Medium
Impact Score:
3.6
Exploitability Score:
2.8
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • canonical,
  • debian,
  • fedoraproject,
  • wavpack

Products

  • debian linux 9.0,
  • fedora 29,
  • fedora 30,
  • fedora 31,
  • ubuntu linux 18.04,
  • ubuntu linux 18.10,
  • ubuntu linux 19.04,
  • wavpack

References

Canonical
CVE-2019-11498 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11498)
Advisory
USN-3960-1 (https://usn.ubuntu.com/3960-1)
FEDORA-2019-52145aa7ca (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZDKXGA2ZNSSM64ZYDHOWCO4Q4VAKAON)
FEDORA-2019-b8a704ff4b (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SCK2YJXY6V5CKGKSF2PPN7RL2DXVOC6G)
FEDORA-2020-e55567b6be (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA)
FEDORA-2020-73274c9df4 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH)
GLSA-202007-19 (https://security.gentoo.org/glsa/202007-19)
USN-3960-1 (https://usn.ubuntu.com/3960-1/)
FEDORA-2019-52145aa7ca (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZDKXGA2ZNSSM64ZYDHOWCO4Q4VAKAON/)
FEDORA-2019-b8a704ff4b (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SCK2YJXY6V5CKGKSF2PPN7RL2DXVOC6G/)
FEDORA-2020-e55567b6be (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/)
FEDORA-2020-73274c9df4 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/)
[debian-lts-announce] 20210115 [SECURITY] [DLA 2525-1] wavpack security update (https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html)
Miscellaneous
https://github.com/dbry/WavPack/issues/67
https://github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis