CVE-2018-10540 — Out-of-bounds Write in Wavpack
Severity
5.5 MEDIUM (NVD)
OSV: 7.8
EPSS
0.4% (top 40.84%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 29
Latest update: May 13
Description
An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Affected Packages: 4 packages
Also affects: Debian Linux 8.0, 9.0
Vulnerability Details: 3
Vendor Advisories: 3
Community: 5
Bugzilla: CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539 CVE-2018-10540 mingw-wavpack: various flaws [epel-7] (2018-05-03)
Bugzilla: CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539 CVE-2018-10540 wavpack: various flaws [fedora-all] (2018-05-03)
Bugzilla: CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539 CVE-2018-10540 mingw-wavpack: various flaws [fedora-all] (2018-05-03)