Bug#897271: wavpack: CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539 CVE-2018-10540

Salvatore Bonaccorso carnil at debian.org
Tue May 1 08:08:48 BST 2018


Source: wavpack
Version: 5.0.0-1
Severity: serious
Tags: security upstream
Justification: regression from stable, once DSA released
Control: fixed -1 5.0.0-2+deb9u2

Hi,

The following vulnerabilities were published for wavpack; a fixed
version (5.0.0-2+deb9u2) was uploaded to security-master by Moritz
Muehlenhoff to be issued as a DSA.

CVE-2018-10536[0]:
| An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser
| component contains a vulnerability that allows writing to memory
| because ParseRiffHeaderConfig in riff.c does not reject multiple format
| chunks.

CVE-2018-10537[1]:
| An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser
| component contains a vulnerability that allows writing to memory
| because ParseWave64HeaderConfig in wave64.c does not reject multiple
| format chunks.

CVE-2018-10538[2]:
| An issue was discovered in WavPack 5.1.0 and earlier for WAV input.
| Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c
| does not validate the sizes of unknown chunks before attempting memory
| allocation, related to a lack of integer-overflow protection within a
| bytes_to_copy calculation and subsequent malloc call, leading to
| insufficient memory allocation.

CVE-2018-10539[3]:
| An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input.
| Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in
| dsdiff.c does not validate the sizes of unknown chunks before
| attempting memory allocation, related to a lack of integer-overflow
| protection within a bytes_to_copy calculation and subsequent malloc
| call, leading to insufficient memory allocation.

CVE-2018-10540[4]:
| An issue was discovered in WavPack 5.1.0 and earlier for W64 input.
| Out-of-bounds writes can occur because ParseWave64HeaderConfig in
| wave64.c does not validate the sizes of unknown chunks before
| attempting memory allocation, related to a lack of integer-overflow
| protection within a bytes_to_copy calculation and subsequent malloc
| call, leading to insufficient memory allocation.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-10536
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10536
[1] https://security-tracker.debian.org/tracker/CVE-2018-10537
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10537
[2] https://security-tracker.debian.org/tracker/CVE-2018-10538
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10538
[3] https://security-tracker.debian.org/tracker/CVE-2018-10539
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10539
[4] https://security-tracker.debian.org/tracker/CVE-2018-10540
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10540

Regards,
Salvatore
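
The two bug classes in the CVE descriptions above (repeated format chunks, and unknown-chunk sizes that are not validated before allocation) can be screened for with a chunk walk like the following. This is an added example, not WavPack's code or the upstream fix; it assumes the bytes_to_copy calculation pads the chunk size up to an even value in 32-bit arithmetic, and the function names, return codes and 1 MiB cap are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_UNKNOWN_CHUNK (1u << 20) /* assumed policy cap: 1 MiB */
enum { CHUNKS_OK = 0, ERR_DUP_FMT = -1, ERR_BAD_SIZE = -2, ERR_MALFORMED = -3 };
static uint32_t rd32le(const uint8_t *p) { /* little-endian 32-bit read */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Pad a chunk size to even; fail where ck_size + 1 would wrap to 0. */
static int padded_size(uint32_t ck_size, uint32_t *out) {
    if (ck_size == UINT32_MAX) return -1;
    *out = (ck_size + 1) & ~(uint32_t)1;
    return 0;
}

/* Walk the chunks after the 12-byte RIFF/WAVE header, up to "data". */
int validate_riff_chunks(const uint8_t *buf, size_t len) {
    size_t pos = 12;
    int seen_fmt = 0;
    if (len < 12 || memcmp(buf, "RIFF", 4) || memcmp(buf + 8, "WAVE", 4))
        return ERR_MALFORMED;
    while (len - pos >= 8) {
        const uint8_t *id = buf + pos;
        uint32_t size = rd32le(buf + pos + 4), padded;
        pos += 8;
        if (!memcmp(id, "data", 4)) return seen_fmt ? CHUNKS_OK : ERR_MALFORMED;
        if (padded_size(size, &padded)) return ERR_BAD_SIZE;
        if (!memcmp(id, "fmt ", 4)) {
            if (seen_fmt++) return ERR_DUP_FMT;       /* second format chunk */
        } else if (padded > MAX_UNKNOWN_CHUNK) return ERR_BAD_SIZE; /* before any malloc */
        if (padded > len - pos) return ERR_MALFORMED; /* body runs past the input */
        pos += padded;
    }
    return ERR_MALFORMED;
}

/* Constructed sample headers, not real files. */
#define HDR "RIFF\0\0\0\0WAVE"
#define FMT "fmt \x10\0\0\0" "\1\0\2\0\x44\xac\0\0\x10\xb1\2\0\4\0\x10\0"
#define CHECK(s) validate_riff_chunks(s, sizeof(s) - 1)
static const uint8_t SAMPLE_GOOD[] = HDR FMT "data\0\0\0\0";
static const uint8_t SAMPLE_DUP[]  = HDR FMT FMT "data\0\0\0\0";
static const uint8_t SAMPLE_HUGE[] = HDR FMT "junk\xff\xff\xff\xff" "data\0\0\0\0";
int main(void) {
    printf("%d %d %d\n", CHECK(SAMPLE_GOOD), CHECK(SAMPLE_DUP), CHECK(SAMPLE_HUGE));
    return 0;
}
```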


