SB2017020622 - Out-of-bounds read in wavpack (Alpine package)
Published: February 6, 2017
Security Bulletin ID: SB2017020622
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Denial of service
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2016-10169)
The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system. The weakness exists in the read_code function in read_words.c. A remote attacker can supply a specially crafted WV file, trigger an out-of-bounds read and cause the application to crash.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=2ec57e0e13ceccd61a0be8376969fb676d94c14a
- https://git.alpinelinux.org/aports/commit/?id=6f7ce22e0374f4f07d4f220f22ad7be8de37f4ac
- https://git.alpinelinux.org/aports/commit/?id=29c4cf2fe40fb0571586294d5dc27ab040cd1edd
- https://git.alpinelinux.org/aports/commit/?id=8f0ae71f69b278cfa03b46addf5ac4b17f13b829
- https://git.alpinelinux.org/aports/commit/?id=05c4b90783a66b036056239eca0ae6fa599046c2