Project

General

Profile

Bug #8915

Bug #8911: wavpack: Multiple vulnerabilities (CVE-2018-10536, CVE-2018-10537, CVE-2018-10538, CVE-2018-10539, CVE-2018-10540)

[3.4] wavpack: Multiple vulnerabilities (CVE-2018-10536, CVE-2018-10537, CVE-2018-10538, CVE-2018-10539, CVE-2018-10540)

Added by Alicha CH 7 months ago. Updated 6 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Start date:
05/18/2018
Due date:
% Done:

100%

Estimated time:
Affected versions:
Security IDs:

Description

CVE-2018-10536: An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability
that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.

References:

https://github.com/dbry/WavPack/issues/30
https://github.com/dbry/WavPack/issues/31
https://github.com/dbry/WavPack/issues/32

Patch:

https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15

CVE-2018-10537: An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability
that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks.

References:

https://github.com/dbry/WavPack/issues/30
https://github.com/dbry/WavPack/issues/31
https://github.com/dbry/WavPack/issues/32

Patch:

https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15

CVE-2018-10538: An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because
ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of
integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.

References:

https://github.com/dbry/WavPack/issues/33

Patch:

https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d

CVE-2018-10539: An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because
ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a
lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.

References:

https://github.com/dbry/WavPack/issues/33

Patch:

https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d

CVE-2018-10540: An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because
ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related
to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.

References:

https://github.com/dbry/WavPack/issues/33

Patch:

https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d


Related issues

Copied from Alpine Linux - Bug #8911: wavpack: Multiple vulnerabilities (CVE-2018-10536, CVE-2018-10537, CVE-2018-10538, CVE-2018-10539, CVE-2018-10540)Closed2018-05-18

Associated revisions

Revision 770d5dd5 (diff)
Added by prspkt 6 months ago

main/wavpack: add secfixes

fixes for:
-CVE-2018-10536
-CVE-2018-10537
-CVE-2018-10538
-CVE-2018-10539
-CVE-2018-10540

Fixes #8915

History

#1 Updated by Alicha CH 7 months ago

  • Copied from Bug #8911: wavpack: Multiple vulnerabilities (CVE-2018-10536, CVE-2018-10537, CVE-2018-10538, CVE-2018-10539, CVE-2018-10540) added

#2 Updated by Anonymous 6 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#3 Updated by Alicha CH 6 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
  • Security IDs deleted (CVE-2018-10536, CVE-2018-10537, CVE-2018-10538, CVE-2018-10539, CVE-2018-10540)

Also available in: Atom PDF