CVE-2016-10172

Published: 14 March 2017

The read_new_config_info function in open_utils.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
wavpack
Launchpad, Ubuntu, Debian
Upstream
Released (5.0.0-2,5.1.0)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)
Patches:
Upstream: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc