CVE-2018-7254

Опубликовано: 19 фев. 2018

Источник: redhat

CVSS3: 3.3

Описание

The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.

An out-of-bounds read flaw was found in the way WavPack handled processing of CAF (Core Audio Format) files. An attacker could potentially use this flaw to crash WavPack by tricking it into processing crafted CAF files.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	wavpack	Not affected
Red Hat Enterprise Linux 7	wavpack	Not affected
Red Hat Enterprise Linux 8	wavpack	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-122

https://bugzilla.redhat.com/show_bug.cgi?id=1547735wavpack: Global buffer over-read in ParseCaffHeaderConfig function in cli/caff.c

3.3 Low

CVSS3

Связанные уязвимости

CVE-2018-7254

CVSS3: 7.8

ubuntu

почти 8 лет назад

CVE-2018-7254

CVSS3: 7.8

nvd

почти 8 лет назад

CVE-2018-7254

CVSS3: 7.8

debian

почти 8 лет назад

The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5 ...

GHSA-57rx-55jg-62vm

CVSS3: 7.8

github

больше 3 лет назад

openSUSE-SU-2021:0154-1

suse-cvrf

около 5 лет назад

Security update for wavpack

3.3 Low

CVSS3