What is the severity of CVE-2019-11498?

CVE-2019-11498 has a severity rating that indicates it can cause a denial of service due to an application crash.

How do I fix CVE-2019-11498?

To fix CVE-2019-11498, update WavPack to version 5.1.0-2ubuntu1.3 or later for Ubuntu or to version 5.4.0-1 or later for Debian.

Which software versions are affected by CVE-2019-11498?

CVE-2019-11498 affects WavPack versions up to 5.1.0, including specific versions in Ubuntu and Debian distributions.

Can CVE-2019-11498 be exploited remotely?

CVE-2019-11498 could potentially be exploited by an attacker through a specially crafted DFF file.

What should I do if I am using WavPack and impacted by CVE-2019-11498?

If you are using an affected version of WavPack, you should immediately update to the fixed versions to prevent possible denial of service.

Vulnerability/
CVE-2019-11498

medium

6.5

CWE

824

24/4/2019

4/8/2024

CVE-2019-11498

First published: Wed Apr 24 2019(Updated: )

WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
ubuntu/wavpack	<5.1.0-2ubuntu1.3	5.1.0-2ubuntu1.3
ubuntu/wavpack	<5.1.0-4ubuntu0.2	5.1.0-4ubuntu0.2
ubuntu/wavpack	<5.1.0-5ubuntu0.1	5.1.0-5ubuntu0.1
debian/wavpack		5.4.0-1 5.6.0-1 5.7.0-1
libwavpack1	<=5.1.0
Ubuntu	=18.04
Ubuntu	=18.10
Ubuntu	=19.04
Fedora	=29
Fedora	=30
Fedora	=31
Debian	=9.0

Remedy

https://github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

USN-3960-1

Frequently Asked Questions

What is the severity of CVE-2019-11498?
CVE-2019-11498 has a severity rating that indicates it can cause a denial of service due to an application crash.
How do I fix CVE-2019-11498?
To fix CVE-2019-11498, update WavPack to version 5.1.0-2ubuntu1.3 or later for Ubuntu or to version 5.4.0-1 or later for Debian.
Which software versions are affected by CVE-2019-11498?
CVE-2019-11498 affects WavPack versions up to 5.1.0, including specific versions in Ubuntu and Debian distributions.
Can CVE-2019-11498 be exploited remotely?
CVE-2019-11498 could potentially be exploited by an attacker through a specially crafted DFF file.
What should I do if I am using WavPack and impacted by CVE-2019-11498?
If you are using an affected version of WavPack, you should immediately update to the fixed versions to prevent possible denial of service.

agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/severity
agent/remedy
collector/usn-cve
source/Ubuntu
agent/software-canonical-lookup
agent/references
agent/first-publish-date
agent/description
collector/launchpad-cve
source/Launchpad
collector/security-tracker-debian
source/Debian
agent/author
agent/event
agent/trending
agent/source
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
agent/tags
agent/softwarecombine
package-manager/ubuntu
package-manager/debian
vendor/wavpack
canonical/libwavpack1
version/libwavpack1/5.1.0
vendor/canonical
canonical/ubuntu
version/ubuntu/18.04
version/ubuntu/18.10
version/ubuntu/19.04
vendor/fedoraproject
canonical/fedora
version/fedora/29
version/fedora/30
version/fedora/31
vendor/debian
canonical/debian
version/debian/9.0