Skip to main content

Access of Uninitialized Pointer

CVE-2019-11498

Severity Medium
Score 6.5/10

Summary

WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • REQUIRED
  • NONE
  • NONE
  • HIGH

CWE-824 - Access of Uninitialized Pointer

The program accesses or uses a pointer that has not been initialized.

References

Advisory Timeline

  • Published