user/wavpack: multiple vulnerabilities
Bugzilla ID | 129 |
Alias(es) | CVE-2018-10536, CVE-2018-10537, CVE-2018-10538, CVE-2018-10539, CVE-2018-10540, CVE-2018-19840, CVE-2018-19841, CVE-2018-6767, CVE-2018-7253, CVE-2018-7254, CVE-2019-1010315, CVE-2019-1010317, CVE-2019-1010319, CVE-2019-11498 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2019-07-29 04:23:33 -0500 |
Modified | 2020-03-21 14:04:25 -0500 |
Status | RESOLVED FIXED |
Version | 1.0-BETA3 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
Description
CVE-2018-6767: https://nvd.nist.gov/vuln/detail/CVE-2018-6767
A stack-based buffer over-read in the ParseRiffHeaderConfig function
of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause
a denial-of-service attack or possibly have unspecified other impact
via a maliciously crafted RF64 file.
CVE-2018-7253: https://nvd.nist.gov/vuln/detail/CVE-2018-7253
The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of
WavPack 5.1.0 allows a remote attacker to cause a denial-of-service
(heap-based buffer over-read) or possibly overwrite the heap via a
maliciously crafted DSDIFF file.
CVE-2018-7254: https://nvd.nist.gov/vuln/detail/CVE-2018-7254
The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack
5.1.0 allows a remote attacker to cause a denial-of-service (global
buffer over-read), or possibly trigger a buffer overflow or incorrect
memory allocation, via a maliciously crafted CAF file.
CVE-2018-10536: https://nvd.nist.gov/vuln/detail/CVE-2018-10536
An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser
component contains a vulnerability that allows writing to memory
because ParseRiffHeaderConfig in riff.c does not reject multiple
format chunks.
CVE-2018-10537: https://nvd.nist.gov/vuln/detail/CVE-2018-10537
An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser
component contains a vulnerability that allows writing to memory
because ParseWave64HeaderConfig in wave64.c does not reject multiple
format chunks.
CVE-2018-10538: https://nvd.nist.gov/vuln/detail/CVE-2018-10538
An issue was discovered in WavPack 5.1.0 and earlier for WAV input.
Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c
does not validate the sizes of unknown chunks before attempting memory
allocation, related to a lack of integer-overflow protection within a
bytes_to_copy calculation and subsequent malloc call, leading to
insufficient memory allocation.
CVE-2018-10539: https://nvd.nist.gov/vuln/detail/CVE-2018-10539
An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input.
Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in
dsdiff.c does not validate the sizes of unknown chunks before
attempting memory allocation, related to a lack of integer-overflow
protection within a bytes_to_copy calculation and subsequent malloc
call, leading to insufficient memory allocation.
CVE-2018-10540: https://nvd.nist.gov/vuln/detail/CVE-2018-10540
An issue was discovered in WavPack 5.1.0 and earlier for W64 input.
Out-of-bounds writes can occur because ParseWave64HeaderConfig in
wave64.c does not validate the sizes of unknown chunks before
attempting memory allocation, related to a lack of integer-overflow
protection within a bytes_to_copy calculation and subsequent malloc
call, leading to insufficient memory allocation.
CVE-2019-11498: https://nvd.nist.gov/vuln/detail/CVE-2019-11498
WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack
through 5.1.0 has a "Conditional jump or move depends on uninitialised
value" condition, which might allow attackers to cause a denial of
service (application crash) via a DFF file that lacks valid
sample-rate data.
CVE-2019-1010315: https://nvd.nist.gov/vuln/detail/CVE-2019-1010315
WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The
impact is: Divide by zero can lead to sudden crash of a
software/service that tries to parse a .wav file. The component is:
ParseDsdiffHeaderConfig (dsdiff.c:282). The attack vector is:
Maliciously crafted .wav file. The fixed version is: After commit
https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc.
CVE-2019-1010317: https://nvd.nist.gov/vuln/detail/CVE-2019-1010317
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of
Uninitialized Variable. The impact is: Unexpected control flow,
crashes, and segfaults. The component is: ParseCaffHeaderConfig
(caff.c:486). The attack vector is: Maliciously crafted .wav file. The
fixed version is: After commit
https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b.
CVE-2019-1010319: https://nvd.nist.gov/vuln/detail/CVE-2019-1010319
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of
Uninitialized Variable. The impact is: Unexpected control flow,
crashes, and segfaults. The component is: ParseWave64HeaderConfig
(wave64.c:211). The attack vector is: Maliciously crafted .wav file.
The fixed version is: After commit
https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.
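
Added example, not part of the original report and not WavPack code: a minimal RIFF header checker in C showing the two checks whose absence CVE-2018-10536 and CVE-2018-10538 describe, namely rejecting a second format chunk and bounding the padded bytes_to_copy before any allocation. The function name, return codes, the 4 MiB cap and the sample byte strings are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define MAX_UNKNOWN_CHUNK (4u * 1024u * 1024u) /* assumed cap, not a WavPack constant */
enum { HDR_OK, HDR_BAD_MAGIC, HDR_TRUNCATED, HDR_DUP_FMT, HDR_BAD_SIZE, HDR_NO_FMT };

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical checker: walks the chunks in buf[0..len) up to the "data" chunk. */
int check_riff_header(const uint8_t *buf, size_t len) {
    size_t off = 12;
    int seen_fmt = 0;
    if (len < 12 || memcmp(buf, "RIFF", 4) != 0 || memcmp(buf + 8, "WAVE", 4) != 0)
        return HDR_BAD_MAGIC;
    while (len - off >= 8) {
        const uint8_t *id = buf + off;
        uint32_t ck_size = rd_le32(buf + off + 4);
        size_t remaining = len - off - 8;
        /* Pad to even in 64 bits: in 32 bits, 0xFFFFFFFF + 1 wraps to 0. */
        uint64_t bytes_to_copy = ((uint64_t)ck_size + 1) & ~(uint64_t)1;
        off += 8;
        if (memcmp(id, "data", 4) == 0)
            return seen_fmt ? HDR_OK : HDR_NO_FMT;
        if (memcmp(id, "fmt ", 4) == 0) {
            if (seen_fmt)
                return HDR_DUP_FMT;            /* reject a second format chunk */
            if (ck_size < 16 || ck_size > 40)  /* usual WAV fmt sizes: 16, 18, 40 */
                return HDR_BAD_SIZE;
            seen_fmt = 1;
        } else if (bytes_to_copy > MAX_UNKNOWN_CHUNK) {
            return HDR_BAD_SIZE;               /* refuse before any malloc */
        }
        if (bytes_to_copy > remaining)
            return HDR_TRUNCATED;              /* chunk claims more than the input holds */
        off += (size_t)bytes_to_copy;
    }
    return HDR_TRUNCATED;
}

/* Constructed sample headers (RIFF size field left zero; the checker ignores it). */
#define FMT16 "fmt \x10\0\0\0" "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
static const uint8_t good[] = "RIFF\0\0\0\0WAVE" FMT16 "data\0\0\0\0";
static const uint8_t dup_fmt[] = "RIFF\0\0\0\0WAVE" FMT16 FMT16 "data\0\0\0\0";
static const uint8_t huge[] = "RIFF\0\0\0\0WAVE" "junk\xFF\xFF\xFF\xFF" "data\0\0\0\0";

int main(void) {
    return !(check_riff_header(good, sizeof good - 1) == HDR_OK &&
             check_riff_header(dup_fmt, sizeof dup_fmt - 1) == HDR_DUP_FMT &&
             check_riff_header(huge, sizeof huge - 1) == HDR_BAD_SIZE);
}
```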