CVE-2018-6767

Published: 6 February 2018

A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.

Priority

CVSS 3 base score: 7.8

Status

Package	Release	Status
wavpack Launchpad, Ubuntu, Debian	upstream	Needs triage
	precise	Does not exist
	trusty	Does not exist (trusty was not-affected [code not present])
	xenial	Not vulnerable (code not present)
	artful	Released (5.1.0-2ubuntu0.1)
	Patches: upstream: https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6767
https://github.com/dbry/WavPack/issues/27
https://ubuntu.com/security/notices/USN-3568-1
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889276

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›