CVE-2012-6303
published 2013-10-28CVE-2012-6303: Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote…
PriorityP345medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
10.24%
95.1th percentile
Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large chunk size in a WAV file.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | snack | < snack 2.2.10-dfsg1-12.1 (bookworm) | snack 2.2.10-dfsg1-12.1 (bookworm) |
| debian | wavesurfer | < snack 2.2.10-dfsg1-12.1 (bookworm) | snack 2.2.10-dfsg1-12.1 (bookworm) |
| kth | snack_sound_toolkit | — | — |
| kth | snack_sound_toolkit | >= 0 < 2.2.10-dfsg1-12.1 | 2.2.10-dfsg1-12.1 |
| kth | snack_sound_toolkit | >= 0 < 2.2.10-dfsg1-12.1 | 2.2.10-dfsg1-12.1 |
| kth | snack_sound_toolkit | >= 0 < 2.2.10-dfsg1-12.1 | 2.2.10-dfsg1-12.1 |
| kth | snack_sound_toolkit | >= 0 < 2.2.10-dfsg1-12.1 | 2.2.10-dfsg1-12.1 |
| kth | wavesurfer | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
vendor_debian6.8LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2012-6303: snack - Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c...
vendor_debian·2012·CVSS 6.8
CVE-2012-6303 [MEDIUM] CVE-2012-6303: snack - Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c...
Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large chunk size in a WAV file.
Scope: local
bookworm: resolved (fixed in 2.2.10-dfsg1-12.1)
bullseye: resolved (fixed in 2.2.10-dfsg1-12.1)
forky: resolved (fixed in 2.2.10-dfsg1-12.1)
sid: resolved (fixed in 2.2.10-dfsg1-12.1)
trixie: resolved (fixed in 2.2.10-dfsg1-12.1)
GHSA
GHSA-8fff-77ch-whpg: Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile
ghsa_unreviewed·2022-05-14
CVE-2012-6303 [MEDIUM] CWE-119 GHSA-8fff-77ch-whpg: Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile
Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large chunk size in a WAV file.
OSV
CVE-2012-6303: Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile
osv·2013-10-28·CVSS 6.8
CVE-2012-6303 [MEDIUM] CVE-2012-6303: Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile
Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large chunk size in a WAV file.
No detection rules found.
Bugzilla
CVE-2012-6303 tcl-snack: multiple buffer overflows [fedora-all]
bugzilla·2012-12-10·CVSS 6.8
CVE-2012-6303 [MEDIUM] CVE-2012-6303 tcl-snack: multiple buffer overflows [fedora-all]
CVE-2012-6303 tcl-snack: multiple buffer overflows [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects multiple
Bugzilla
CVE-2012-6303 tcl-snack: multiple buffer overflows
bugzilla·2012-12-10·CVSS 6.8
CVE-2012-6303 [MEDIUM] CVE-2012-6303 tcl-snack: multiple buffer overflows
CVE-2012-6303 tcl-snack: multiple buffer overflows
CVE-2012-6303 was assigned by MITRE to multiple buffer overflows in WaveSurfer (not shipped) and the Snack Sound Toolkit (tcl-snack):
Disclosures: http://www.exploit-db.com/exploits/19772/
http://secunia.com/advisories/49889/
Product source: http://www.speech.kth.se/snack/
http://wavesurfer.svn.sourceforge.net/viewvc/wavesurfer/trunk/wavesurfer/
(The www.speech.kth.se site refers to "Snack v2.2.10
released December 01 Bug fix release" but this is
apparently about December 01 2004 -- not about a 2012
release.)
No fix is available as of yet.
Also note that the only things that use tcl-snack in Fedora is amsn and coccinella, but I couldn't find a way to change the sounds that play, which means the end user would need to download this craf
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00034.htmlhttp://secunia.com/advisories/49889http://security.gentoo.org/glsa/glsa-201309-04.xmlhttp://www.exploit-db.com/exploits/19772http://www.mandriva.com/security/advisories?name=MDVSA-2013:126http://www.openwall.com/lists/oss-security/2012/12/10/2http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00034.htmlhttp://secunia.com/advisories/49889http://security.gentoo.org/glsa/glsa-201309-04.xmlhttp://www.exploit-db.com/exploits/19772http://www.mandriva.com/security/advisories?name=MDVSA-2013:126http://www.openwall.com/lists/oss-security/2012/12/10/2
2013-10-28
Published