7.8

CVE-2018-7253

Exploit
The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WavpackWavpack Version5.1.0
DebianDebian Linux Version9.0
CanonicalUbuntu Linux Version17.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.92% 0.853
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html
https://seclists.org/bugtraq/2019/Dec/37
https://www.debian.org/security/2018/dsa-4125
Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889559
Third Party Advisory
Mailing List
Issue Tracking
https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec
Patch
Third Party Advisory
https://github.com/dbry/WavPack/issues/28
Third Party Advisory
Exploit
https://usn.ubuntu.com/3578-1/
Third Party Advisory