ID CVE-2018-6767
Summary A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.
References
Vulnerable Configurations
  • cpe:2.3:a:wavpack:wavpack:5.1.0
    cpe:2.3:a:wavpack:wavpack:5.1.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 17.10
    cpe:2.3:o:canonical:ubuntu_linux:17.10
CVSS
Base: 6.8
Impact:
Exploitability:
CWE CWE-125
CAPEC
  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-D94E205DF8.NASL
    description - CVE-2018-6767 - CVE-2018-7253 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-03-14
    plugin id 108313
    published 2018-03-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108313
    title Fedora 26 : wavpack (2018-d94e205df8)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_50210BC154EF11E895D99C5C8E75236A.NASL
    description Sebastian Ramacher reports:
      A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.
      The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.
      The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.
    Thuan Pham reports:
      An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.
      An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks.
      An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.
      An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.
      An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 109749
    published 2018-05-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109749
    title FreeBSD : wavpack -- multiple vulnerabilities (50210bc1-54ef-11e8-95d9-9c5c8e75236a)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-5950093E69.NASL
    description Security fix for CVE-2018-6767, CVE-2018-7253, and CVE-2018-7254 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-03-07
    plugin id 107166
    published 2018-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107166
    title Fedora 26 : mingw-wavpack (2018-5950093e69)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3568-1.NASL
    description Hanno Bock discovered that WavPack incorrectly handled certain WV files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10169) Joonun Jang discovered that WavPack incorrectly handled certain RF64 files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 17.10. (CVE-2018-6767). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 106794
    published 2018-02-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106794
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : wavpack vulnerabilities (USN-3568-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-3BA1BE2E79.NASL
    description - CVE-2018-6767 - CVE-2018-7253 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-03-05
    plugin id 107028
    published 2018-02-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107028
    title Fedora 27 : wavpack (2018-3ba1be2e79)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-023BAAB00F.NASL
    description Security fix for CVE-2018-6767, CVE-2018-7253, and CVE-2018-7254 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-03-07
    plugin id 107153
    published 2018-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107153
    title Fedora 27 : mingw-wavpack (2018-023baab00f)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4125.NASL
    description Joonun Jang discovered several problems in wavpack, an audio compression format suite. Incorrect processing of input resulted in several heap- and stack-based buffer overflows, leading to application crash or potential code execution.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 107025
    published 2018-02-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107025
    title Debian DSA-4125-1 : wavpack - security update
refmap via4
confirm
debian DSA-4125
ubuntu USN-3568-1
Last major update 06-02-2018 - 17:29
Published 06-02-2018 - 17:29
Last modified 06-03-2019 - 15:22