Bugzilla – Bug 1201716
VUL-0: CVE-2022-2476: wavpack: Null pointer dereference in wvunpack
Last modified: 2022-12-20 11:17:13 UTC
CVE-2022-2476

A null pointer dereference bug was found in wavpack-5.4.0

The results from the ASAN log:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x561b47a970c6 bp 0x7fff13952fb0 sp 0x7fff1394fca0 T0)
==84257==The signal is caused by a WRITE memory access.
==84257==Hint: address points to the zero page.
    #0 0x561b47a970c5 in main cli/wvunpack.c:834
    #1 0x7efc4f5c0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
    #2 0x561b47a945ed in _start (/usr/local/bin/wvunpack+0xa5ed)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV cli/wvunpack.c:834 in main
==84257==ABORTING

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2476
https://github.com/dbry/WavPack/issues/121
Affected:
- SUSE:SLE-11:Update/wavpack 4.50.1
- SUSE:SLE-12:Update/wavpack 4.60.99
- SUSE:SLE-15:Update/wavpack 5.4.0

Not affected (already contains fix):
- openSUSE:Factory/wavpack 5.5.0
BEFORE

15/wavpack

$ wvunpack -m poc.wv -o /
WVUNPACK Hybrid Lossless Audio Decompressor Linux Version 5.4.0
Copyright (c) 1998 - 2020 David Bryant. All Rights Reserved.
can't create file /poc./!
Segmentation fault (core dumped)
$

12,11/wavpack

$ wvunpack -m poc.wv -o /
WVUNPACK Hybrid Lossless Audio Decompressor Linux Version 4.70.0-beta
Copyright (c) 1998 - 2013 Conifer Software. All Rights Reserved.
not compatible with this version of WavPack file!
$

PATCH

https://github.com/dbry/WavPack/commit/25b4a2725d8568212e7cf89ca05ca29d128af7ac

12,11/wavpack: no ID_ALT_EXTENSION, applying just part of the commit

AFTER

15/wavpack

$ wvunpack -m poc.wv -o /
WVUNPACK Hybrid Lossless Audio Decompressor Linux Version 5.4.0
Copyright (c) 1998 - 2020 David Bryant. All Rights Reserved.
unpacked md5: d41d8cd98f00b204e9800998ecf8427e
file is missing 1095233371905 samples!
missing data or crc errors detected in 4 block(s)!
$

12,11/wavpack

$ wvunpack -m poc.wv -o /
WVUNPACK Hybrid Lossless Audio Decompressor Linux Version 4.70.0-beta
Copyright (c) 1998 - 2013 Conifer Software. All Rights Reserved.
not compatible with this version of WavPack file!
$

[no change]
Package submitted for: 15,12,11/wavpack

I believe all fixed.
SUSE-SU-2022:2682-1: An update that fixes one vulnerability is now available.

Category: security (low)
Bug References: 1201716
CVE References: CVE-2022-2476
JIRA References:
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): wavpack-4.60.99-5.12.1
SUSE Linux Enterprise Server 12-SP5 (src): wavpack-4.60.99-5.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:2681-1: An update that fixes one vulnerability is now available.

Category: security (low)
Bug References: 1201716
CVE References: CVE-2022-2476
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): wavpack-5.4.0-150000.4.15.1
openSUSE Leap 15.3 (src): wavpack-5.4.0-150000.4.15.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (src): wavpack-5.4.0-150000.4.15.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src): wavpack-5.4.0-150000.4.15.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): wavpack-5.4.0-150000.4.15.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): wavpack-5.4.0-150000.4.15.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done