What is the severity of CVE-2019-1010317?

CVE-2019-1010317 has a high severity due to the potential for unexpected control flow, crashes, and segmentation faults.

How do I fix CVE-2019-1010317?

To fix CVE-2019-1010317, update WavPack to version 5.1.0-2ubuntu1.4 or later on Ubuntu, or to versions 5.4.0-1, 5.6.0-1, or 5.7.0-1 on Debian.

Which versions of WavPack are affected by CVE-2019-1010317?

WavPack versions 5.1.0 and earlier are affected by CVE-2019-1010317.

What is the nature of the vulnerability CVE-2019-1010317?

CVE-2019-1010317 is caused by the use of uninitialized variables in the ParseCaffHeaderConfig function.

What are the implications of CVE-2019-1010317 for users?

Users may experience crashes or unexpected behavior when processing maliciously crafted .wav files due to CVE-2019-1010317.

Vulnerability/
CVE-2019-1010317

medium

5.5

CWE

908 457

11/7/2019

5/8/2024

CVE-2019-1010317

First published: Thu Jul 11 2019(Updated: )

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b.

Credit: josh@bress.net

Affected Software	Affected Version	How to fix
ubuntu/wavpack	<5.1.0-2ubuntu1.4	5.1.0-2ubuntu1.4
ubuntu/wavpack	<5.1.0-5ubuntu0.2	5.1.0-5ubuntu0.2
debian/wavpack		5.4.0-1 5.6.0-1 5.7.0-1
libwavpack1	<=5.1.0
Fedora	=29
Fedora	=30
Fedora	=31
Ubuntu	=18.04
Ubuntu	=19.04
Debian	=9.0
Wavpack	<=5.1.0

Remedy

https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

USN-4062-1

Frequently Asked Questions

What is the severity of CVE-2019-1010317?
CVE-2019-1010317 has a high severity due to the potential for unexpected control flow, crashes, and segmentation faults.
How do I fix CVE-2019-1010317?
To fix CVE-2019-1010317, update WavPack to version 5.1.0-2ubuntu1.4 or later on Ubuntu, or to versions 5.4.0-1, 5.6.0-1, or 5.7.0-1 on Debian.
Which versions of WavPack are affected by CVE-2019-1010317?
WavPack versions 5.1.0 and earlier are affected by CVE-2019-1010317.
What is the nature of the vulnerability CVE-2019-1010317?
CVE-2019-1010317 is caused by the use of uninitialized variables in the ParseCaffHeaderConfig function.
What are the implications of CVE-2019-1010317 for users?
Users may experience crashes or unexpected behavior when processing maliciously crafted .wav files due to CVE-2019-1010317.

agent/weakness
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
agent/severity
agent/remedy
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
collector/usn-cve
source/Ubuntu
agent/software-canonical-lookup
agent/references
collector/security-tracker-debian
source/Debian
agent/trending
agent/source
agent/author
collector/nvd-index
agent/software-canonical-lookup-request
agent/tags
agent/softwarecombine
collector/nvd-cve
source/NVD
package-manager/ubuntu
package-manager/debian
vendor/wavpack
canonical/libwavpack1
version/libwavpack1/5.1.0
vendor/fedoraproject
canonical/fedora
version/fedora/29
version/fedora/30
version/fedora/31
vendor/canonical
canonical/ubuntu
version/ubuntu/18.04
version/ubuntu/19.04
vendor/debian
canonical/debian
version/debian/9.0
canonical/wavpack
version/wavpack/5.1.0