Skip to main content

Wavpack

19 CVEs product

Monthly

CVE-2020-35738 MEDIUM POC This Month

WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Wavpack Debian Linux Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-1010319 MEDIUM POC PATCH This Month

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wavpack Fedora Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2019-1010317 MEDIUM POC PATCH This Month

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wavpack Fedora Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2019-1010315 MEDIUM POC PATCH This Month

WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wavpack Fedora Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2019-11498 MEDIUM POC PATCH This Month

WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Wavpack Ubuntu Linux Fedora +1
NVD GitHub
CVSS 3.1
6.5
EPSS
3.0%
CVE-2018-19841 MEDIUM POC PATCH This Month

The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Wavpack Ubuntu Linux Fedora +2
NVD GitHub
CVSS 3.1
5.5
EPSS
2.5%
CVE-2018-19840 MEDIUM PATCH This Month

The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Wavpack Ubuntu Linux Fedora Leap
NVD GitHub
CVSS 3.0
5.5
EPSS
2.3%
CVE-2018-10540 MEDIUM POC PATCH This Month

An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Wavpack Debian Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
1.7%
CVE-2018-10539 MEDIUM POC PATCH This Month

An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Wavpack Debian Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
1.7%
CVE-2018-10538 MEDIUM POC PATCH This Month

An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Wavpack Debian Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
1.6%
CVE-2018-10537 HIGH PATCH This Week

An issue was discovered in WavPack 5.1.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Wavpack Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
2.1%
CVE-2018-10536 HIGH PATCH This Week

An issue was discovered in WavPack 5.1.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Wavpack Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
2.0%
CVE-2018-7254 HIGH POC PATCH This Week

The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Wavpack Debian Linux
NVD GitHub Exploit-DB
CVSS 3.0
7.8
EPSS
9.9%
CVE-2018-7253 HIGH POC PATCH This Week

The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Wavpack Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
2.9%
CVE-2018-6767 HIGH POC PATCH This Week

A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Wavpack Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
3.0%
CVE-2016-10172 MEDIUM POC PATCH This Month

The read_new_config_info function in open_utils.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Wavpack
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-10171 MEDIUM POC PATCH This Month

The unreorder_channels function in cli/wvunpack.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Wavpack
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-10170 MEDIUM POC PATCH This Month

The WriteCaffHeader function in cli/caff.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Wavpack
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-10169 MEDIUM POC PATCH This Month

The read_code function in read_words.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Wavpack
NVD GitHub
CVSS 3.0
5.5
EPSS
0.5%
EPSS 1% CVSS 6.1
MEDIUM POC This Month

WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Wavpack +2
NVD GitHub
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wavpack Fedora +2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wavpack Fedora +2
NVD GitHub
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wavpack Fedora +2
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC PATCH This Month

WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Wavpack +3
NVD GitHub
EPSS 3% CVSS 5.5
MEDIUM POC PATCH This Month

The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Wavpack +4
NVD GitHub
EPSS 2% CVSS 5.5
MEDIUM PATCH This Month

The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Wavpack Ubuntu Linux +2
NVD GitHub
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Wavpack +1
NVD GitHub
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Wavpack +1
NVD GitHub
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Wavpack +1
NVD GitHub
EPSS 2% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in WavPack 5.1.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Wavpack Debian Linux
NVD GitHub
EPSS 2% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in WavPack 5.1.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Wavpack +1
NVD GitHub
EPSS 10% CVSS 7.8
HIGH POC PATCH This Week

The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Wavpack +1
NVD GitHub Exploit-DB
EPSS 3% CVSS 7.8
HIGH POC PATCH This Week

The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Wavpack +2
NVD GitHub
EPSS 3% CVSS 7.8
HIGH POC PATCH This Week

A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Wavpack +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

The read_new_config_info function in open_utils.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

The unreorder_channels function in cli/wvunpack.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

The WriteCaffHeader function in cli/caff.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

The read_code function in read_words.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy