CVE-2018-6767
Slackware Security Advisory - wavpack Updates
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.
Una sobrelectura de búfer basada en pila en la función ParseRiffHeaderConfig del archivo cli/riff.c de WavPack 5.1.0 permite que un atacante remoto provoque un ataque de denegación de servicio (DoS) o posiblemente otro impacto no especificado mediante un archivo RF64 manipulado maliciosamente.
Hanno Böck discovered that WavPack incorrectly handled certain WV files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Joonun Jang discovered that WavPack incorrectly handled certain RF64 files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 17.10. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-02-06 CVE Reserved
- 2018-02-06 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html | X_refsource_misc |
|
https://github.com/dbry/WavPack/issues/27 | Issue Tracking | |
https://seclists.org/bugtraq/2019/Dec/37 | Mailing List |
|
URL | Date | SRC |
---|---|---|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889276 | 2024-08-05 |
URL | Date | SRC |
---|---|---|
https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5 | 2019-12-20 |
URL | Date | SRC |
---|---|---|
https://usn.ubuntu.com/3568-1 | 2019-12-20 | |
https://www.debian.org/security/2018/dsa-4125 | 2019-12-20 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Wavpack Search vendor "Wavpack" | Wavpack Search vendor "Wavpack" for product "Wavpack" | 5.1.0 Search vendor "Wavpack" for product "Wavpack" and version "5.1.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 17.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "17.10" | - |
Affected
|