Note:
This project will be discontinued after December 13, 2021. [more]
2018-02-06
A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.
| Products | Ubuntu_linux, Debian_linux, Wavpack |
| Type | Out-of-bounds Read (CWE-125) |
| First patch |
https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5 |
| Relevant file/s | ./cli/riff.c (modified, +32, -7) |
| Links |
• http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html
• https://www.debian.org/security/2018/dsa-4125 • https://github.com/dbry/WavPack/issues/27 • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889276 • https://seclists.org/bugtraq/2019/Dec/37 |
Navigation
Patch data:
Patched area:
(on by default)
Patched area: