[3.7] wavpack: Multiple vulnerabilities (CVE-2018-6767, CVE-2018-7253, CVE-2018-7254)
CVE-2018-6767: stack buffer overread via crafted wav file
A stack-based buffer over-read in the ParseRiffHeaderConfig function of
cli/riff.c file of WavPack 5.1.0 allows a remote
attacker to cause a denial-of-service attack or possibly have
unspecified other impact via a maliciously crafted RF64 file.
References:
https://github.com/dbry/WavPack/issues/27
https://nvd.nist.gov/vuln/detail/CVE-2018-6767
Patch:
https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5
CVE-2018-7253: Heap-based buffer over-read in ParseDsdiffHeaderConfig function in cli/dsdiff.c
The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack
5.1.0 allows a remote attacker to cause a
denial-of-service (heap-based buffer over-read) or possibly overwrite
the heap via a maliciously crafted DSDIFF file.
References:
https://github.com/dbry/WavPack/issues/28
https://nvd.nist.gov/vuln/detail/CVE-2018-7253
Patch:
https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec
CVE-2018-7254: Heap-based buffer over-read in ParseCaffHeaderConfig function in cli/caff.c
The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack
5.1.0 allows a remote attacker to cause a denial-of-service
(global buffer over-read), or possibly trigger a buffer overflow or
incorrect memory allocation, via a maliciously crafted CAF file.
References:
https://github.com/dbry/WavPack/issues/26
Patch:
https://github.com/dbry/WavPack/commit/8e3fe45a7bac31d9a3b558ae0079e2d92a04799e
(from redmine: issue id 8593, created on 2018-02-28, closed on 2018-08-29)
- Relations:
- copied_to #8591 (closed)
- parent #8591 (closed)