wavpack: multiple out of bounds memory reads (CVE-2016-10169, CVE-2016-10170, CVE-2016-10171, CVE-2016-10172)
CVE-2016-10169: Global buffer overread in read_code / read_words.c
Fixed In Version:
wavpack 5.1.0
References:
http://seclists.org/oss-sec/2017/q1/221
Patch:
https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc
CVE-2016-10170: Heap out of bounds read in WriteCaffHeader / caff.c
Fixed In Version:
wavpack 5.1.0
References:
http://seclists.org/oss-sec/2017/q1/221
Patch:
https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc
CVE-2016-10171: Heap out of bounds read in unreorder_channels / wvunpack.c
Fixed In Version:
wavpack 5.1.0
References:
http://seclists.org/oss-sec/2017/q1/221
Patch:
https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc
CVE-2016-10172: Heap out of bounds read in read_new_config_info / open_utils.c
Fixed In Version:
wavpack 5.1.0
References:
http://seclists.org/oss-sec/2017/q1/221
Patch:
https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc
(from redmine: issue id 6816, created on 2017-02-06, closed on 2017-02-07)
- Relations:
  - child #6817 (closed)
  - child #6818 (closed)
  - child #6819 (closed)
  - child #6820 (closed)
  - child #6821 (closed)