CVE-2019-1010317: Uninitialized Read in ParseCaffHeaderConfig() · Issue #66 · dbry/WavPack

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b.


The parsing of the attached file uninit-caff.wav leads to a read of an uninitialized location in memory. The uninitialized read can be uncovered using a tool such as Valgrind or MemorySanitizer. For example:

$ valgrind cli/wavpack uninit-caff.wav
==21063== Memcheck, a memory error detector
==21063== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==21063== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==21063== Command: ./cli/wavpack uninit-caff.wav
==21063== 

 WAVPACK  Hybrid Lossless Audio Compressor  Linux Version 5.1.0
 Copyright (c) 1998 - 2019 David Bryant.  All Rights Reserved.

creating uninit-caff.wv,==21063== Conditional jump or move depends on uninitialised value(s)
==21063==    at 0x411C43: ParseCaffHeaderConfig (caff.c:486)
==21063==    by 0x408A94: pack_file (wavpack.c:1777)
==21063==    by 0x404AE2: main (wavpack.c:1273)

It appears that this is an uninitialized read of the field caf_audio_format.mBytesPerPacket on this line.
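
The class of bug reported above (CWE-457 in a chunk parser), shown in its guarded form as an added example; this is not WavPack's code and not the project's fix. It assumes, which the report does not state, that the descriptor struct is only filled in when a descriptor chunk is parsed; the toy container layout, `fmt_desc`, and `parse_chunks` are hypothetical names constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy descriptor; stands in for a format struct such as caf_audio_format. */
typedef struct { uint32_t bytes_per_packet, channels; } fmt_desc;
enum { PARSE_OK = 0, ERR_TRUNCATED = -1, ERR_BAD_DESC = -2, ERR_NO_DESC = -3, ERR_NO_DATA = -4 };

/* Toy container (constructed for this example, not real CAF):
 * repeated [4-byte type][1-byte size][payload]. */
int parse_chunks(const uint8_t *buf, size_t len, fmt_desc *out)
{
    fmt_desc desc = {0};            /* defense in depth: no indeterminate bytes */
    int have_desc = 0;              /* the flawed pattern keeps no such flag */
    size_t pos = 0;

    while (len - pos >= 5) {
        const uint8_t *type = buf + pos;
        size_t size = buf[pos + 4];
        pos += 5;
        if (size > len - pos)
            return ERR_TRUNCATED;
        if (!memcmp(type, "desc", 4)) {
            if (size != sizeof desc)        /* a short chunk would leave fields unset */
                return ERR_BAD_DESC;
            memcpy(&desc, buf + pos, sizeof desc);
            have_desc = 1;
        } else if (!memcmp(type, "data", 4)) {
            if (!have_desc)                 /* descriptor was never populated */
                return ERR_NO_DESC;
            if (desc.bytes_per_packet == 0 || desc.channels == 0)
                return ERR_BAD_DESC;        /* values later code would branch on */
            *out = desc;
            return PARSE_OK;
        }
        pos += size;                        /* skip payload or unknown chunk */
    }
    return ERR_NO_DATA;
}

/* Constructed inputs: a data chunk alone, and a descriptor followed by data. */
static const uint8_t no_desc[] = { 'd','a','t','a', 2, 0xAA, 0xBB };
static const uint8_t with_desc[] = { 'd','e','s','c', 8, 4,0,0,0, 2,0,0,0, 'd','a','t','a', 2, 0xAA, 0xBB };

int main(void)
{
    fmt_desc d;
    printf("no desc: %d, with desc: %d\n", parse_chunks(no_desc, sizeof no_desc, &d),
           parse_chunks(with_desc, sizeof with_desc, &d));
    return 0;
}
```

Without the `have_desc` check and the exact-size check, the branch on `desc.bytes_per_packet` is the kind of conditional jump on an uninitialised value that Memcheck flags in the trace above.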
