7.8

CVE-2018-6767

Exploit
A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WavpackWavpack Version5.1.0
DebianDebian Linux Version9.0
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version17.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.95% 0.854
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://usn.ubuntu.com/3568-1/
Third Party Advisory
http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889276
Third Party Advisory
Exploit
Issue Tracking
https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5
Patch
https://github.com/dbry/WavPack/issues/27
Third Party Advisory
Issue Tracking
https://seclists.org/bugtraq/2019/Dec/37
https://www.debian.org/security/2018/dsa-4125
Third Party Advisory