Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-6767

Опубликовано: 03 фев. 2018
Источник: redhat
CVSS3: 3.3
EPSS Низкий

Описание

A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.

An out-of-bounds stack buffer read flaw was found in WavPack. This flaw could potentially be used to crash WavPack CLI utilities by tricking them into processing specially crafted WAVE files.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6wavpackNot affected
Red Hat Enterprise Linux 7wavpackNot affected
Red Hat Enterprise Linux 8wavpackNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-121
https://bugzilla.redhat.com/show_bug.cgi?id=1542550wavpack: stack buffer overread via crafted wav file

EPSS

Процентиль: 75%
0.00879
Низкий

3.3 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-6767

CVSS3: 7.8
ubuntu
около 8 лет назад

A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.

nvd логотип

CVE-2018-6767

CVSS3: 7.8
nvd
около 8 лет назад

A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.

debian логотип

CVE-2018-6767

CVSS3: 7.8
debian
около 8 лет назад

A stack-based buffer over-read in the ParseRiffHeaderConfig function o ...

github логотип

GHSA-gqq6-54h2-52m3

CVSS3: 7.8
github
больше 3 лет назад

A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.

suse-cvrf логотип

openSUSE-SU-2021:0154-1

suse-cvrf
около 5 лет назад

Security update for wavpack

EPSS

Процентиль: 75%
0.00879
Низкий

3.3 Low

CVSS3