{"id":"CVE-2019-1010315","details":"WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig (dsdiff.c:282). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc.","modified":"2026-04-02T01:28:04.095567Z","published":"2019-07-11T20:15:12.100Z","related":["ALSA-2020:1581","MGASA-2019-0230","MGASA-2019-0231","openSUSE-SU-2024:11505-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4062-1/"},{"type":"REPORT","url":"https://github.com/dbry/WavPack/issues/65"},{"type":"FIX","url":"https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dbry/wavpack","events":[{"introduced":"0"},{"last_affected":"9ccc3fe4a37d069137ceabe513a4dd9b0a09c1c2"},{"fixed":"4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.1.0"}]}}],"versions":["4.40.0","4.40.0-beta","4.41.0","4.42.0-alpha","4.42.0-alpha2","4.50.0","4.50.0-beta","4.50.1","4.60.0","4.60.0-alpha","4.60.0-beta","4.60.0-beta-winamp-only","4.60.1","4.70.0","4.70.0-alpha","4.70.0-beta","4.70.0-rc","4.75.0","4.75.0-rc","4.75.2","4.80.0","4.80.0-rc","5.0.0","5.0.0-alpha","5.0.0-alpha2","5.0.0-alpha3","5.0.0-alpha4","5.0.0-alpha5","5.1.0"],"database_specific":{"vanir_signatures":[{"id":"CVE-2019-1010315-0bfa0e67","digest":{"line_hashes":["223468198760209522415530051213008541920","84187453593326026586882747625454283818","132163843864917538956865746258217683812","149093281865590928707150542480114560830","160537748801228162604266018850497886140","324062363246101315545314825330263358563","151004110588990038074576782986706820073","211335790083391097169899251935001656139","224186329449611780722103589186991458818","194087188279309037957911130700133282141","209685013335617579615791023681250803167","165718564101656456956608975705750931563"],"threshold":0.9},"target":{"file":"cli/dsdiff.c"},"source":"https://github.com/dbry/wavpack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc","signature_version":"v1","deprecated":false,"signature_type":"Line"},{"id":"CVE-2019-1010315-ea81a2de","digest":{"length":6850,"function_hash":"26431205128459225104067756546612720396"},"target":{"file":"cli/dsdiff.c","function":"ParseDsdiffHeaderConfig"},"source":"https://github.com/dbry/wavpack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc","signature_version":"v1","deprecated":false,"signature_type":"Function"}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"30"}]},{"events":[{"introduced":"0"},{"last_affected":"31"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"19.04"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1010315.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}