CVE-2018-7253
Published 2018-02-19
Priority P3 · 35 · high · 7.8 CVSS 3.0
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 2.92% (85.3th percentile)
The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | wavpack | < wavpack 5.1.0-3 (bookworm) | wavpack 5.1.0-3 (bookworm) |
| wavpack | wavpack | — | — |
| wavpack | wavpack | >= 0 < 5.1.0-3 | 5.1.0-3 |
| wavpack | wavpack | >= 0 < 5.1.0-3 | 5.1.0-3 |
| wavpack | wavpack | >= 0 < 5.1.0-3 | 5.1.0-3 |
| wavpack | wavpack | >= 0 < 5.1.0-3 | 5.1.0-3 |
CVSS provenance
nvd · v3.0 · 7.8 · HIGH · CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd · v2.0 · 6.8 · MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
osv · 7.8 · HIGH
vendor_debian · 7.8 · HIGH
vendor_redhat · 7.8 · HIGH
vendor_ubuntu · 7.8 · HIGH
Ubuntu
WavPack vulnerabilities
vendor_ubuntu·2018-02-22·CVSS 7.8
CVE-2018-7254 [HIGH] WavPack vulnerabilities
Title: WavPack vulnerabilities
Summary: Several security issues were fixed in WavPack.
It was discovered that WavPack incorrectly handled certain DSDIFF files.
An attacker could possibly use this to execute arbitrary code or
cause a denial of service. (CVE-2018-7253)
It was discovered that WavPack incorrectly handled certain CAF files.
An attacker could possibly use this to cause a denial of service.
(CVE-2018-7254)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
wavpack: Heap-based buffer over-read in ParseDsdiffHeaderConfig function in cli/dsdiff.c
vendor_redhat·2018-02-19·CVSS 7.8
CVE-2018-7253 [HIGH] CWE-122 wavpack: Heap-based buffer over-read in ParseDsdiffHeaderConfig function in cli/dsdiff.c
The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.
An out-of-bounds heap read flaw was found in the way WavPack handled processing of DSD files. An attacker could potentially use this flaw to crash WavPack by tricking it into processing crafted DSD files.
Package: wavpack (Red Hat Enterprise Linux 6) - Not affected
Package: wavpack (Red Hat Enterprise Linux 7) - Not affected
Package: wavpack (Red Hat Enterprise Linux 8) - Not affected
Debian
CVE-2018-7253: wavpack - The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 a...
vendor_debian·2018·CVSS 7.8
CVE-2018-7253 [HIGH] CVE-2018-7253: wavpack - The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 a...
The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.
Scope: local
bookworm: resolved (fixed in 5.1.0-3)
bullseye: resolved (fixed in 5.1.0-3)
forky: resolved (fixed in 5.1.0-3)
sid: resolved (fixed in 5.1.0-3)
trixie: resolved (fixed in 5.1.0-3)
GHSA
GHSA-6jpw-q5h3-rgmr: The ParseDsdiffHeaderConfig function of the cli/dsdiff
ghsa_unreviewed·2022-05-13
CVE-2018-7253 [HIGH] CWE-125 GHSA-6jpw-q5h3-rgmr: The ParseDsdiffHeaderConfig function of the cli/dsdiff
The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.
OSV
CVE-2018-7253: The ParseDsdiffHeaderConfig function of the cli/dsdiff
osv·2018-02-19·CVSS 7.8
CVE-2018-7253 [HIGH] CVE-2018-7253: The ParseDsdiffHeaderConfig function of the cli/dsdiff
The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-7253 wavpack: Heap-based buffer over-read in ParseDsdiffHeaderConfig function in cli/dsdiff.c
bugzilla·2018-02-21·CVSS 7.8
CVE-2018-7253 [HIGH] CVE-2018-7253 wavpack: Heap-based buffer over-read in ParseDsdiffHeaderConfig function in cli/dsdiff.c
The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows an attacker to cause a denial-of-service via heap-based buffer over-read.
Upstream bug:
https://github.com/dbry/WavPack/issues/28
Upstream patch:
https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec
Discussion:
Created mingw-wavpack tracking bugs for this issue:
Affects: epel-7 [bug 1547721]
Affects: fedora-all [bug 1547724]
Created wavpack tracking bugs for this issue:
Affects: fedora-all [bug 1547723]
---
https://src.fedoraproject.org/rpms/wavpack/c/be8d9f333fca9df19894a907d33aded11cb16cbc?branch=master
Bugzilla
CVE-2018-7253 mingw-wavpack: wavpack: Heap-based buffer over-read in ParseDsdiffHeaderConfig function in cli/dsdiff.c [fedora-all]
bugzilla·2018-02-21·CVSS 7.8
CVE-2018-7253 [HIGH] CVE-2018-7253 mingw-wavpack: wavpack: Heap-based buffer over-read in ParseDsdiffHeaderConfig function in cli/dsdiff.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Bugzilla
CVE-2018-7253 wavpack: Heap-based buffer over-read in ParseDsdiffHeaderConfig function in cli/dsdiff.c [fedora-all]
bugzilla·2018-02-21·CVSS 7.8
CVE-2018-7253 [HIGH] CVE-2018-7253 wavpack: Heap-based buffer over-read in ParseDsdiffHeaderConfig function in cli/dsdiff.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this iss
Bugzilla
CVE-2018-7253 mingw-wavpack: wavpack: Heap-based buffer over-read in ParseDsdiffHeaderConfig function in cli/dsdiff.c [epel-7]
bugzilla·2018-02-21·CVSS 7.8
CVE-2018-7253 [HIGH] CVE-2018-7253 mingw-wavpack: wavpack: Heap-based buffer over-read in ParseDsdiffHeaderConfig function in cli/dsdiff.c [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discus
arXiv
Code-less Patching for Heap Vulnerabilities Using Targeted Calling Context Encoding
arxiv_fulltext·2018-12-11
http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889559
https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec
https://github.com/dbry/WavPack/issues/28
https://seclists.org/bugtraq/2019/Dec/37
https://usn.ubuntu.com/3578-1/
https://www.debian.org/security/2018/dsa-4125