cbcvebase.
CVE-2012-6303
published 2013-10-28

CVE-2012-6303: Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote…

PriorityP345medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
10.24%
95.1th percentile
Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large chunk size in a WAV file.

Affected

10 ranges
VendorProductVersion rangeFixed in
debiansnack< snack 2.2.10-dfsg1-12.1 (bookworm)snack 2.2.10-dfsg1-12.1 (bookworm)
debianwavesurfer< snack 2.2.10-dfsg1-12.1 (bookworm)snack 2.2.10-dfsg1-12.1 (bookworm)
kthsnack_sound_toolkit
kthsnack_sound_toolkit>= 0 < 2.2.10-dfsg1-12.12.2.10-dfsg1-12.1
kthsnack_sound_toolkit>= 0 < 2.2.10-dfsg1-12.12.2.10-dfsg1-12.1
kthsnack_sound_toolkit>= 0 < 2.2.10-dfsg1-12.12.2.10-dfsg1-12.1
kthsnack_sound_toolkit>= 0 < 2.2.10-dfsg1-12.12.2.10-dfsg1-12.1
kthwavesurfer
opensuseopensuse
opensuseopensuse

CVSS provenance

nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
vendor_debian6.8LOW
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.