CVE-2018-6767
Published: 6 February 2018
A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.
Priority
CVSS 3 base score: 7.8
Status
Package | Release | Status |
---|---|---|
wavpack Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was not-affected [code not present])
|
|
xenial |
Not vulnerable
(code not present)
|
|
artful |
Released
(5.1.0-2ubuntu0.1)
|
|
Patches: upstream: https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5 |