[3.7] wavpack: Multiple vulnerabilities (CVE-2018-10536, CVE-2018-10537, CVE-2018-10538, CVE-2018-10539, CVE-2018-10540)

Opened May 18, 2018 by Alicha CH (@alicha, Reporter)

CVE-2018-10536: An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability
that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.

References:

https://github.com/dbry/WavPack/issues/30
https://github.com/dbry/WavPack/issues/31
https://github.com/dbry/WavPack/issues/32

Patch:

https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15

CVE-2018-10537: An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability
that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks.

References:

https://github.com/dbry/WavPack/issues/30
https://github.com/dbry/WavPack/issues/31
https://github.com/dbry/WavPack/issues/32

Patch:

https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15

CVE-2018-10538: An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because
ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of
integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.

References:

https://github.com/dbry/WavPack/issues/33

Patch:

https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d

CVE-2018-10539: An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because
ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a
lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.

References:

https://github.com/dbry/WavPack/issues/33

Patch:

https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d

CVE-2018-10540: An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because
ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related
to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.

References:

https://github.com/dbry/WavPack/issues/33

Patch:

https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d

(from redmine: issue id 8912, created on 2018-05-18, closed on 2018-06-12)
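As an added illustration, not WavPack's code and not the patch linked above: a hypothetical in-memory RIFF chunk walker in C that applies the two checks the descriptions call for. It rejects a second format chunk and bounds each chunk's ckSize against the remaining input before the padded bytes_to_copy value could reach a malloc, and it shows why the 32-bit rounding alone is not enough. The sample buffers and all function names are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

enum { RIFF_OK = 0, RIFF_TRUNCATED = -1, RIFF_DUP_FMT = -2, RIFF_BAD_SIZE = -3 };

/* The advisory's (ckSize + 1) & ~1 rounding done in 32 bits: 0xFFFFFFFF + 1
 * wraps to 0, so a malloc(bytes_to_copy) that follows is far too small. */
uint32_t bytes_to_copy_32(uint32_t ck_size) { return (ck_size + 1u) & ~1u; }
/* The same rounding widened to 64 bits: no wrap, so the result can be bounded. */
uint64_t bytes_to_copy_64(uint32_t ck_size) {
    return ((uint64_t)ck_size + 1) & ~(uint64_t)1;
}
static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walk "RIFF<size>WAVE" followed by (id, size, payload[, pad]) chunks, applying
 * both checks before anything would be allocated or copied. */
int riff_walk(const uint8_t *buf, size_t len) {
    size_t pos = 12;
    int fmt_seen = 0;
    if (len < 12 || memcmp(buf, "RIFF", 4) || memcmp(buf + 8, "WAVE", 4))
        return RIFF_TRUNCATED;
    while (pos + 8 <= len) {
        const uint8_t *id = buf + pos;
        uint32_t ck_size = rd32le(buf + pos + 4);
        pos += 8;
        /* Check 1: a chunk, known or unknown, cannot claim more bytes than remain
         * in the input; this bounds bytes_to_copy before any malloc of it. */
        if (ck_size > len - pos) return RIFF_BAD_SIZE;
        /* Check 2: exactly one format chunk is accepted. */
        if (!memcmp(id, "fmt ", 4)) {
            if (fmt_seen) return RIFF_DUP_FMT;
            fmt_seen = 1;
        }
        pos += (size_t)bytes_to_copy_64(ck_size); /* payload plus pad byte */
    }
    return fmt_seen ? RIFF_OK : RIFF_TRUNCATED;
}

/* Constructed samples, not real files: a well-formed stream, one with two format
 * chunks, and one whose unknown chunk claims 0xFFFFFFFF bytes. */
const uint8_t GOOD[] = { 'R','I','F','F', 24,0,0,0, 'W','A','V','E',
    'f','m','t',' ', 2,0,0,0, 1,0,  'd','a','t','a', 1,0,0,0, 0xAA, 0 };
const uint8_t DUP_FMT[] = { 'R','I','F','F', 24,0,0,0, 'W','A','V','E',
    'f','m','t',' ', 2,0,0,0, 1,0,  'f','m','t',' ', 2,0,0,0, 1,0 };
const uint8_t HUGE[] = { 'R','I','F','F', 22,0,0,0, 'W','A','V','E',
    'f','m','t',' ', 2,0,0,0, 1,0,  'j','u','n','k', 0xFF,0xFF,0xFF,0xFF };
```

The remaining-input bound is the check that matters for the unknown-chunk path: once ckSize is known to fit in the input, the widened bytes_to_copy can never be smaller than the data a later copy would move.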

Relations:
  • copied_to #8911 (closed)
  • parent #8911 (closed)

Changesets:
  • Revision 07d81b1f on 2018-06-11T08:36:48Z:

    main/wavpack: add secfixes

    fixes for:
    -CVE-2018-10536
    -CVE-2018-10537
    -CVE-2018-10538
    -CVE-2018-10539
    -CVE-2018-10540

    Fixes #8912
Milestone: 3.7.1 (Past due)
Labels: Normal, tag:security, type:bug
Reference: alpine/aports#8912