CVE-2018-6767

Published: 06/02/2018 Updated: 20/12/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

A stack-based buffer over-read in the ParseRiffHeaderConfig function of the cli/riff.c file of WavPack 5.1.0 allows a remote malicious user to cause a denial of service or possibly have unspecified other impact via a maliciously crafted RF64 file.

Vulnerable Product

wavpack wavpack 5.1.0

debian debian linux 9.0

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 17.10

Vendor Advisories

WavPack could be made to crash if it opened a specially crafted file ...
Joonun Jang discovered several problems in wavpack, an audio compression format suite. Incorrect processing of input resulted in several heap- and stack-based buffer overflows, leading to application crash or potential code execution. For the stable distribution (stretch), these problems have been fixed in version 500-2+deb9u1. We recommend that ...
Debian Bug report logs - #897271 wavpack: CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539 CVE-2018-10540 Package: src:wavpack; Maintainer for src:wavpack is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 1 May 2018 07:12 ...
Debian Bug report logs - #889274 wavpack: CVE-2018-7254: global buffer overflow while running wavpack Package: wavpack; Maintainer for wavpack is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Source for wavpack is src:wavpack (PTS, buildd, popcon) Reported by: Joonun Jang <joonunjang@gmail.com> ...
Debian Bug report logs - #889276 wavpack: CVE-2018-6767: stack buffer overflow via crafted wav file Package: wavpack; Maintainer for wavpack is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Source for wavpack is src:wavpack (PTS, buildd, popcon) Reported by: Joonun Jang <joonunjang@gmail.com> D ...
Debian Bug report logs - #889559 wavpack: CVE-2018-7253: heap buffer overflow while running wavpack Package: wavpack; Maintainer for wavpack is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Source for wavpack is src:wavpack (PTS, buildd, popcon) Reported by: Joonun Jang <joonunjang@gmail.com> D ...
An out-of-bounds stack buffer read flaw was found in WavPack. This flaw could potentially be used to crash WavPack CLI utilities by tricking them into processing specially crafted WAVE files ...
A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file ...