Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2018-7253

Published: 19 February 2018

The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.

Notes

AuthorNote
leosilva
DSDIFF support was added in 5.* version, so neither xenial or
trust is affected since code is not present.
Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
wavpack
Launchpad, Ubuntu, Debian
artful
Released (5.1.0-2ubuntu0.2)
precise Does not exist

trusty Does not exist
(trusty was not-affected [code not present])
upstream Needs triage

xenial Not vulnerable
(code not present)