Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2018-7253

Published: 19 February 2018

The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.

Notes

Author	Note
leosilva	DSDIFF support was added in 5.* version, so neither xenial or trust is affected since code is not present.

Priority

CVSS 3 base score: 7.8

Status

Package	Release	Status
wavpack Launchpad, Ubuntu, Debian	upstream	Needs triage
	precise	Does not exist
	trusty	Does not exist (trusty was not-affected [code not present])
	xenial	Not vulnerable (code not present)
	artful	Released (5.1.0-2ubuntu0.2)

References

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889559

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading