Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2016-10172

Published: 14 March 2017

The read_new_config_info function in open_utils.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.

Notes

AuthorNote
leosilva
code affected not present in trusty or xenial
Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
wavpack
Launchpad, Ubuntu, Debian
artful Not vulnerable
(5.0.0-2)
precise Does not exist
(precise was needed)
trusty Does not exist
(trusty was not-affected)
upstream
Released (5.0.0-2,5.1.0)
xenial Not vulnerable

yakkety Ignored
(reached end-of-life)
zesty Not vulnerable
(5.0.0-2)
Patches:
upstream: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc