CVE-2016-10169 — Out-of-bounds Read in Wavpack

CWE-125 — Out-of-bounds Read CWE-122 — Heap-based Buffer Overflow13 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.5%

top 36.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wavpack Debian Wavpack Wavpack Project Wavpack

Timeline

PublishedMar 14

Latest updateMay 14

Description

The read_code function in read_words.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/wavpack< wavpack 5.0.0-2 (bookworm)

▶Debianwavpack/wavpack< 5.0.0-2+3

▶Ubuntuwavpack/wavpack< 4.70.0-1ubuntu0.1+1

▶NVDwavpack_project/wavpack5.0.0

Patches

Patch: www.openwall.com ↗Patch: github.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-v2fw-mf5r-pfvv: The read_code function in read_words↗2022-05-14

▶

OSV

wavpack vulnerabilities↗2018-02-12

▶

OSV

CVE-2016-10169: The read_code function in read_words↗2017-03-14

▶

📋Vendor Advisories

Ubuntu

WavPack vulnerabilities↗2018-02-12

▶

Red Hat

wavpack: Global buffer overread in read_code / read_words.c↗2016-12-18

▶

Debian

CVE-2016-10169: wavpack - The read_code function in read_words.c in Wavpack before 5.1.0 allows remote att...↗2016

▶

💬Community

Bugzilla

CVE-2016-10169 CVE-2016-10170 CVE-2016-10171 CVE-2016-10172 mingw-wavpack: various flaws [epel-7]↗2017-01-31

▶

Bugzilla

CVE-2016-10169 wavpack: Global buffer overread in read_code / read_words.c↗2017-01-31

▶

Bugzilla

CVE-2016-10169 CVE-2016-10170 CVE-2016-10171 CVE-2016-10172 wavpack: various flaws [epel-5]↗2017-01-31

▶

Bugzilla

CVE-2016-10172 wavpack: Heap out of bounds read in read_new_config_info / open_utils.c↗2017-01-31

▶

Bugzilla

CVE-2016-10169 CVE-2016-10170 CVE-2016-10171 CVE-2016-10172 mingw-wavpack: various flaws [fedora-all]↗2017-01-31

▶