Out-of-bounds read in wavpack (Alpine package)



Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2016-10171
CWE-ID CWE-125
Exploitation vector Local
Public exploit N/A
Vulnerable software
 wavpack (Alpine package)
Operating systems & Components / Operating system package or component

Vendor Alpine Linux Development Team

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Out-of-bounds read

EUVDB-ID: #VU33049

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-10171

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

The unreorder_channels function in cli/wvunpack.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.

Mitigation

Install update from vendor's website.

Vulnerable software versions

wavpack (Alpine package): 4.70.0-r3 - 4.80.0-r0

CPE2.3 External links

https://git.alpinelinux.org/aports/commit/?id=6f7ce22e0374f4f07d4f220f22ad7be8de37f4ac
https://git.alpinelinux.org/aports/commit/?id=9f5a7e1687ed9f331cf5065f7c44d235b6426ef3
https://git.alpinelinux.org/aports/commit/?id=29c4cf2fe40fb0571586294d5dc27ab040cd1edd
https://git.alpinelinux.org/aports/commit/?id=8f0ae71f69b278cfa03b46addf5ac4b17f13b829
https://git.alpinelinux.org/aports/commit/?id=05c4b90783a66b036056239eca0ae6fa599046c2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###