CVE-2018-10539

Name
CVE-2018-10539
Description
An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Exploit https://github.com/dbry/WavPack/issues/33
Patch https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d
Third Party Advisory https://usn.ubuntu.com/3637-1/
Third Party Advisory https://www.debian.org/security/2018/dsa-4197
BUGTRAQ https://seclists.org/bugtraq/2019/Dec/37
MISC http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:wavpack:wavpack:*:*:*:*:*:*:*:* wavpack >= None <= 5.1.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
wavpack 3.11-main 5.1.0-r8 Natanael Copa <ncopa@alpinelinux.org> fixed