CVE-2018-10540

CVE-2018-10540

Name

CVE-2018-10540

Description

An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Exploit	https://github.com/dbry/WavPack/issues/33
Patch	https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d
Third Party Advisory	https://usn.ubuntu.com/3637-1/
Third Party Advisory	https://www.debian.org/security/2018/dsa-4197
BUGTRAQ	https://seclists.org/bugtraq/2019/Dec/37
MISC	http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/

Type

URI

Exploit

https://github.com/dbry/WavPack/issues/33

Patch

https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d

Third Party Advisory

https://usn.ubuntu.com/3637-1/

Third Party Advisory

https://www.debian.org/security/2018/dsa-4197

BUGTRAQ

https://seclists.org/bugtraq/2019/Dec/37

MISC

http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:wavpack:wavpack::::::::`	wavpack	>= None	<= 5.1.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:wavpack:wavpack:*:*:*:*:*:*:*:*

wavpack

>= None

<= 5.1.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
wavpack	edge-community	5.1.0-r8	None	possibly vulnerable
wavpack	edge-community	5.1.0-r7	None	possibly vulnerable
wavpack	edge-community	5.1.0-r6	None	possibly vulnerable
wavpack	edge-community	5.1.0-r3	None	possibly vulnerable
wavpack	edge-community	5.1.0-r0	None	possibly vulnerable
wavpack	3.22-community	5.1.0-r8	None	possibly vulnerable
wavpack	3.22-community	5.1.0-r7	None	possibly vulnerable
wavpack	3.22-community	5.1.0-r6	None	possibly vulnerable
wavpack	3.22-community	5.1.0-r3	None	possibly vulnerable
wavpack	3.22-community	5.1.0-r0	None	possibly vulnerable
wavpack	3.11-main	5.1.0-r8	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

wavpack

edge-community

5.1.0-r8

None

possibly vulnerable

wavpack

edge-community