7.8

CVE-2018-7254

The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WavpackWavpack Version5.1.0
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.91% 0.95
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html
https://seclists.org/bugtraq/2019/Dec/37
https://www.debian.org/security/2018/dsa-4125
Third Party Advisory
https://usn.ubuntu.com/3578-1/
Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889274
Third Party Advisory
Mailing List
Issue Tracking
https://github.com/dbry/WavPack/commit/8e3fe45a7bac31d9a3b558ae0079e2d92a04799e
Patch
Third Party Advisory
https://github.com/dbry/WavPack/issues/26
Third Party Advisory
Issue Tracking
https://www.exploit-db.com/exploits/44154/
Third Party Advisory
VDB Entry