CVE-2018-7253

Published: 19/02/2018 Updated: 20/12/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote malicious user to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.

Vulnerable Product

wavpack wavpack 5.1.0

debian debian linux 9.0

canonical ubuntu linux 17.10

Vendor Advisories

Several security issues were fixed in WavPack ...
Joonun Jang discovered several problems in wavpack, an audio compression format suite. Incorrect processing of input resulted in several heap- and stack-based buffer overflows, leading to application crash or potential code execution. For the stable distribution (stretch), these problems have been fixed in version 5.0.0-2+deb9u1. We recommend that ...
Debian Bug report logs - #897271 wavpack: CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539 CVE-2018-10540. Package: src:wavpack; Maintainer for src:wavpack is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 1 May 2018 07:12 ...
Debian Bug report logs - #889274 wavpack: CVE-2018-7254: global buffer overflow while running wavpack. Package: wavpack; Maintainer for wavpack is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Source for wavpack is src:wavpack (PTS, buildd, popcon); Reported by: Joonun Jang <joonunjang@gmail.com> ...
Debian Bug report logs - #889276 wavpack: CVE-2018-6767: stack buffer overflow via crafted wav file. Package: wavpack; Maintainer for wavpack is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Source for wavpack is src:wavpack (PTS, buildd, popcon); Reported by: Joonun Jang <joonunjang@gmail.com> D ...
Debian Bug report logs - #889559 wavpack: CVE-2018-7253: heap buffer overflow while running wavpack. Package: wavpack; Maintainer for wavpack is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Source for wavpack is src:wavpack (PTS, buildd, popcon); Reported by: Joonun Jang <joonunjang@gmail.com> D ...
An out-of-bounds heap read flaw was found in the way WavPack handled processing of DSD files. An attacker could potentially use this flaw to crash WavPack by tricking it into processing crafted DSD files ...
The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file ...