
CVE-2018-10539

Published: 29/04/2018 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

An issue exists in WavPack 5.1.0 and previous versions for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.

Vulnerable Product

wavpack wavpack

debian debian linux 8.0

debian debian linux 9.0

Vendor Advisories

Several security issues were fixed in WavPack ...
Debian Bug report logs - #897271 wavpack: CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539 CVE-2018-10540 Package: src:wavpack; Maintainer for src:wavpack is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 1 May 2018 07:12 ...
Debian Bug report logs - #889274 wavpack: CVE-2018-7254: global buffer overflow while running wavpack Package: wavpack; Maintainer for wavpack is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Source for wavpack is src:wavpack (PTS, buildd, popcon) Reported by: Joonun Jang <joonunjang@gmail.com> ...
Debian Bug report logs - #889276 wavpack: CVE-2018-6767: stack buffer overflow via crafted wav file Package: wavpack; Maintainer for wavpack is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Source for wavpack is src:wavpack (PTS, buildd, popcon) Reported by: Joonun Jang <joonunjang@gmail.com> D ...
Debian Bug report logs - #889559 wavpack: CVE-2018-7253: heap buffer overflow while running wavpack Package: wavpack; Maintainer for wavpack is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Source for wavpack is src:wavpack (PTS, buildd, popcon) Reported by: Joonun Jang <joonunjang@gmail.com> D ...
Multiple vulnerabilities were discovered in the wavpack audio codec which could result in denial of service or the execution of arbitrary code if malformed media files are processed. The oldstable distribution (jessie) is not affected. For the stable distribution (stretch), these problems have been fixed in version 5.0.0-2+deb9u2. We recommend that ...
An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading t ...