CVE-2018-10539

Published: 29 April 2018

An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.

Priority

Cvss 3 Severity Score

5.5

Score breakdown

Status

Package	Release	Status
wavpack Launchpad, Ubuntu, Debian	upstream	Needs triage
	trusty	Does not exist (trusty was not-affected [code not present])
	xenial	Not vulnerable (code not present)
	artful	Released (5.1.0-2ubuntu0.3)
	bionic	Released (5.1.0-2ubuntu1.1)

Severity score breakdown

Parameter	Value
Base score	5.5
Attack vector	Local
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›