WavPack Memory Write Vulnerability

WavPack is an open source, free audio lossless compression software. A security vulnerability exists in WavPack 5.1.0 and earlier versions, which originates from the 'ParseRiffHeaderConfig' function in the riff.c file receiving multiple format chunks, and can be exploited by an attacker to perfor...

ALPINE-CVE-2018-10538

An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytestocopy...

PT-2018-9950 · Wavpack +3 · Wavpack +3

Name of the Vulnerable Software and Affected Versions: WavPack versions 5.1.0 and earlier Description: A issue in the WAV parser component allows writing to memory due to the ParseRiffHeaderConfig function in riff.c not rejecting multiple format chunks. Recommendations: For versions 5.1.0 and...

DEBIAN-CVE-2018-6767

A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file...