Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-10538

Опубликовано: 22 апр. 2018
Источник: redhat
CVSS3: 7.8

Описание

An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.

Отчет

Red Hat Enterprise Linux 6 is now in Maintenance support 2 Phase of the support and maintenance life cycle. This issue has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6wavpackWill not fix
Red Hat Enterprise Linux 7wavpackWill not fix
Red Hat Enterprise Linux 8wavpackNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=1574728wavpack: out of bounds write in ParseRiffHeaderConfig in riff.c

7.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-10538

CVSS3: 5.5
ubuntu
почти 8 лет назад

An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.

nvd логотип

CVE-2018-10538

CVSS3: 5.5
nvd
почти 8 лет назад

An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.

debian логотип

CVE-2018-10538

CVSS3: 5.5
debian
почти 8 лет назад

An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Ou ...

github логотип

GHSA-985g-xhxj-qvr3

CVSS3: 5.5
github
больше 3 лет назад

An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.

suse-cvrf логотип

openSUSE-SU-2021:0154-1

suse-cvrf
около 5 лет назад

Security update for wavpack

7.8 High

CVSS3