The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications need to be prepared to handle a wide variety of exceptions.
The product divides a value by zero.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Python | Python | * | 3.6.4 (including) |