CVE-2018-6767
published 2018-02-06CVE-2018-6767: A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service…
PriorityP335high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
EPSS
2.95%
85.4th percentile
A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | wavpack | < wavpack 5.1.0-3 (bookworm) | wavpack 5.1.0-3 (bookworm) |
| wavpack | wavpack | — | — |
| wavpack | wavpack | >= 0 < 5.1.0-3 | 5.1.0-3 |
| wavpack | wavpack | >= 0 < 5.1.0-3 | 5.1.0-3 |
| wavpack | wavpack | >= 0 < 5.1.0-3 | 5.1.0-3 |
| wavpack | wavpack | >= 0 < 5.1.0-3 | 5.1.0-3 |
| wavpack | wavpack | >= 0 < 4.70.0-1ubuntu0.1 | 4.70.0-1ubuntu0.1 |
| wavpack | wavpack | >= 0 < 4.75.2-2ubuntu0.1 | 4.75.2-2ubuntu0.1 |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv7.8HIGH
vendor_debian7.8HIGH
vendor_redhat7.8HIGH
vendor_ubuntu5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-gqq6-54h2-52m3: A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff
ghsa_unreviewed·2022-05-13
CVE-2018-6767 [HIGH] CWE-125 GHSA-gqq6-54h2-52m3: A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff
A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.
OSV
wavpack vulnerabilities
osv·2018-02-12·CVSS 5.5
CVE-2016-10169 [MEDIUM] wavpack vulnerabilities
wavpack vulnerabilities
Hanno Böck discovered that WavPack incorrectly handled certain
WV files. An attacker could possibly use this to cause a denial
of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu
16.04 LTS. (CVE-2016-10169)
Joonun Jang discovered that WavPack incorrectly handled certain
RF64 files. An attacker could possibly use this to cause a denial
of service. This issue only affected Ubuntu 17.10. (CVE-2018-6767)
OSV
CVE-2018-6767: A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff
osv·2018-02-06·CVSS 7.8
CVE-2018-6767 [HIGH] CVE-2018-6767: A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff
A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.
Ubuntu
WavPack vulnerabilities
vendor_ubuntu·2018-02-12·CVSS 5.5
CVE-2016-10169 [MEDIUM] WavPack vulnerabilities
Title: WavPack vulnerabilities
Summary: WavPack could be made to crash if it opened a specially crafted
file.
Hanno Böck discovered that WavPack incorrectly handled certain
WV files. An attacker could possibly use this to cause a denial
of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu
16.04 LTS. (CVE-2016-10169)
Joonun Jang discovered that WavPack incorrectly handled certain
RF64 files. An attacker could possibly use this to cause a denial
of service. This issue only affected Ubuntu 17.10. (CVE-2018-6767)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
wavpack: stack buffer overread via crafted wav file
vendor_redhat·2018-02-03·CVSS 7.8
CVE-2018-6767 [HIGH] CWE-121 wavpack: stack buffer overread via crafted wav file
wavpack: stack buffer overread via crafted wav file
A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.
An out-of-bounds stack buffer read flaw was found in WavPack. This flaw could potentially be used to crash WavPack CLI utilities by tricking them into processing specially crafted WAVE files.
Package: wavpack (Red Hat Enterprise Linux 6) - Not affected
Package: wavpack (Red Hat Enterprise Linux 7) - Not affected
Package: wavpack (Red Hat Enterprise Linux 8) - Not affected
Debian
CVE-2018-6767: wavpack - A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff...
vendor_debian·2018·CVSS 7.8
CVE-2018-6767 [HIGH] CVE-2018-6767: wavpack - A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff...
A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.
Scope: local
bookworm: resolved (fixed in 5.1.0-3)
bullseye: resolved (fixed in 5.1.0-3)
forky: resolved (fixed in 5.1.0-3)
sid: resolved (fixed in 5.1.0-3)
trixie: resolved (fixed in 5.1.0-3)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-6767 mingw-wavpack: wavpack: stack buffer overflow via crafted wav file [epel-7]
bugzilla·2018-02-06·CVSS 7.8
CVE-2018-6767 [HIGH] CVE-2018-6767 mingw-wavpack: wavpack: stack buffer overflow via crafted wav file [epel-7]
CVE-2018-6767 mingw-wavpack: wavpack: stack buffer overflow via crafted wav file [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use the following template to f
Bugzilla
CVE-2018-6767 wavpack: stack buffer overflow via crafted wav file [fedora-all]
bugzilla·2018-02-06·CVSS 7.8
CVE-2018-6767 [HIGH] CVE-2018-6767 wavpack: stack buffer overflow via crafted wav file [fedora-all]
CVE-2018-6767 wavpack: stack buffer overflow via crafted wav file [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported version
Bugzilla
CVE-2018-6767 wavpack: stack buffer overread via crafted wav file
bugzilla·2018-02-06·CVSS 7.8
CVE-2018-6767 [HIGH] CVE-2018-6767 wavpack: stack buffer overread via crafted wav file
CVE-2018-6767 wavpack: stack buffer overread via crafted wav file
A flaw was found in wavpack 5.1.0-2. Running 'wavpack -y poc.wav' with a maliciously crafted file could cause the application to crash, which may allow an attacker to perform a denial-of-service attack.
Upstream bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889276
https://github.com/dbry/WavPack/issues/27
Upstream patch:
https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5
Discussion:
Created mingw-wavpack tracking bugs for this issue:
Affects: epel-7 [bug 1542551]
Created wavpack tracking bugs for this issue:
Affects: fedora-all [bug 1542552]
---
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/sec
http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889276https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5https://github.com/dbry/WavPack/issues/27https://seclists.org/bugtraq/2019/Dec/37https://usn.ubuntu.com/3568-1/https://www.debian.org/security/2018/dsa-4125http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889276https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5https://github.com/dbry/WavPack/issues/27https://seclists.org/bugtraq/2019/Dec/37https://usn.ubuntu.com/3568-1/https://www.debian.org/security/2018/dsa-4125
2018-02-06
Published