CVE-2018-10537

Published: 29/04/2018 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue exists in WavPack 5.1.0 and previous versions. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks.
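
An added example, not WavPack's own code: a C chunk walker that applies the check the summary says is missing, refusing a W64 header that carries more than one format chunk. The function names, result codes and the Wave64 layout constants (40-byte file header, 24-byte chunk headers, shared GUID suffix) are assumptions of this example, and `w64_demo` builds a constructed sample file in memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed Wave64 layout: 40-byte file header, then chunks of 16-byte GUID +
   64-bit little-endian size (which counts the 24-byte header), 8-byte aligned. */
#define W64_TAIL "\xf3\xac\xd3\x11\x8c\xd1\x00\xc0\x4f\x8e\xdb\x8a"
enum w64_result { W64_OK, W64_BAD_SIZE, W64_NO_FMT, W64_DUP_FMT };

static uint64_t le64(const uint8_t *p) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}
static int is_chunk(const uint8_t *guid, const char *tag) {
    return !memcmp(guid, tag, 4) && !memcmp(guid + 4, W64_TAIL, 12);
}

/* Walk the header chunks up to the data chunk and refuse a second "fmt "
   chunk, the rejection the CVE summary says the parser did not perform. */
enum w64_result w64_check_chunks(const uint8_t *buf, size_t len) {
    size_t off = 40;                                   /* skip file header */
    int fmt_seen = 0;
    while (len >= off && len - off >= 24) {
        const uint8_t *hdr = buf + off;
        uint64_t size = le64(hdr + 16);
        if (is_chunk(hdr, "data")) break;              /* audio follows */
        if (is_chunk(hdr, "fmt ") && fmt_seen++) return W64_DUP_FMT;
        if (size < 24 || size > len - off) return W64_BAD_SIZE;
        size = (size + 7) & ~(uint64_t)7;              /* alignment padding */
        off = size > len - off ? len : off + (size_t)size;
    }
    return fmt_seen ? W64_OK : W64_NO_FMT;
}

/* Constructed sample: zeroed file header, fmt_count fmt chunks with a
   16-byte zero payload each, then an empty data chunk. */
enum w64_result w64_demo(int fmt_count) {
    uint8_t buf[256] = {0};
    size_t off = 40;
    for (int i = 0; i <= fmt_count && off + 40 <= sizeof buf; i++) {
        const char *tag = i < fmt_count ? "fmt " : "data";
        memcpy(buf + off, tag, 4);
        memcpy(buf + off + 4, W64_TAIL, 12);
        buf[off + 16] = i < fmt_count ? 40 : 24;       /* size, low byte */
        off += i < fmt_count ? 40 : 24;
    }
    return w64_check_chunks(buf, off);
}
```

The walker does not validate the riff/wave GUIDs in the file header or the contents of the format chunk; it only enforces chunk bounds and the single-format-chunk rule.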

Vulnerable Product

wavpack wavpack

debian debian linux 8.0

debian debian linux 9.0

Vendor Advisories

Several security issues were fixed in WavPack. ...
Debian Bug report logs - #897271 wavpack: CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539 CVE-2018-10540 Package: src:wavpack; Maintainer for src:wavpack is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 1 May 2018 07:12 ...
Debian Bug report logs - #889274 wavpack: CVE-2018-7254: global buffer overflow while running wavpack Package: wavpack; Maintainer for wavpack is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Source for wavpack is src:wavpack (PTS, buildd, popcon) Reported by: Joonun Jang <joonunjang@gmail.com> ...
Debian Bug report logs - #889276 wavpack: CVE-2018-6767: stack buffer overflow via crafted wav file Package: wavpack; Maintainer for wavpack is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Source for wavpack is src:wavpack (PTS, buildd, popcon) Reported by: Joonun Jang <joonunjang@gmail.com> D ...
Debian Bug report logs - #889559 wavpack: CVE-2018-7253: heap buffer overflow while running wavpack Package: wavpack; Maintainer for wavpack is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Source for wavpack is src:wavpack (PTS, buildd, popcon) Reported by: Joonun Jang <joonunjang@gmail.com> D ...
Multiple vulnerabilities were discovered in the wavpack audio codec which could result in denial of service or the execution of arbitrary code if malformed media files are processed. The oldstable distribution (jessie) is not affected. For the stable distribution (stretch), these problems have been fixed in version 5.0.0-2+deb9u2. We recommend that ...
An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks. ...