CVE-2018-6767

Priority
Medium
Description
A stack-based buffer over-read in the ParseRiffHeaderConfig function of
cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a
denial-of-service attack or possibly have unspecified other impact via a
maliciously crafted RF64 file.
References
Bugs
Assigned-to
leosilva
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 17.10 (Artful Aardvark):released (5.1.0-2ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (5.1.0-2ubuntu1)
Patches:
Upstream:https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5
More Information

Updated: 2018-06-26 05:03:09 UTC (commit 7799c934cca373482531a7b00e4dfe82302ceae5)