SB2020010504 - Fedora 31 update for mingw-wavpack
Published: January 5, 2020 Updated: April 25, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 11 secuirty vulnerabilities.
1) Heap-based buffer overwrite (CVE-ID: CVE-2018-10536)
The vulnerability allows a local attacker to cause DoS condition or execute arbitrary code on the target system.The weakness exists in the WAV parser component due to improper rejection of multiple format chunks by the ParseRiffHeaderConfig function, as defined in the riff.c source code file. A local attacker can execute a specially crafted .wav file, trigger heap buffer overwrite and cause the service to crash or execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
2) Heap-based buffer overwrite (CVE-ID: CVE-2018-10537)
The vulnerability allows a local attacker to cause DoS condition or execute arbitrary code on the target system.The weakness exists in the W64 parser component due to improper rejection of multiple format chunks by the ParseWave64HeaderConfig function, as defined in the wave64.c source code file. A local attacker can execute a specially crafted .wav file, trigger heap buffer overwrite and cause the service to crash or execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
3) Buffer overflow (CVE-ID: CVE-2018-10538)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error within ParseRiffHeaderConfig function in riff.c when processing WAV files. A remote unauthenticated attacker can create a specially crafted WAV file, trick the victim into opening it and trigger integer overflow in bytes_to_copy calculation and subsequent malloc call
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Buffer overflow (CVE-ID: CVE-2018-10539)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error within ParseDsdiffHeaderConfig function in dsdiff.c when processing WAV files. A remote unauthenticated attacker can create a specially crafted WAV file, trick the victim into opening it and trigger integer overflow in bytes_to_copy calculation and subsequent malloc call
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Buffer overflow (CVE-ID: CVE-2018-10540)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error within ParseWave64HeaderConfig function in wave64.c when processing WAV files. A remote unauthenticated attacker can create a specially crafted WAV file, trick the victim into opening it and trigger integer overflow in bytes_to_copy calculation and subsequent malloc call
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
6) Infinite loop (CVE-ID: CVE-2018-19840)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists in the WavpackPackInit function, as defined in the pack_utils.csource code file due to the WavpackSetConfiguration64 function improperly handles a block sample rate of zero. A remote attacker can trick the victim into accessing a .wav file that submits malicious, trigger an infinite loop condition that could consume excessive resources and cause the affected software to crash, resulting in a DoS condition.
7) Out-of-bounds read (CVE-ID: CVE-2018-19841)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists in the WavpackVerifySingleBlock function, as defined in the open_utils.c source code file due to improper processing of WavPack lossless audio files. A remote attacker can trick the victim into accessing a WavPack lossless audio file that submits malicious, trigger an out-of-bounds read condition and cause the affected software to crash, resulting in a DoS condition.
8) Input validation error (CVE-ID: CVE-2019-11498)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the WavpackSetConfiguration64() function in the pack_utils.c file within the libwavpack.a. A remote attacker can trick the victim to open a specially crafted DFF file that lacks valid sample-rate data and crash the affected application.
9) Division by zero (CVE-ID: CVE-2019-1010315)
The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on a targeted system.
The vulnerability exists due to a divide by zero error in the "ParseDsdiffHeaderConfig()" function in the "dsdiff.c" file, when parsing .wav files.
A remote attacker can trick a victim to open a specially crafted .wav file and crash the affected application.
10) Improper Initialization (CVE-ID: CVE-2019-1010319)
11) Improper Initialization (CVE-ID: CVE-2019-1010317)
The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on a targeted system.
The vulnerability exists due to an uninitialized read condition in the "ParseCaffHeaderConfig()" function in the caff.c file when parsing .wav files. A remote attacker can persuade a user to access a .wav file that submits malicious input to the targeted system and perform a DoS attack.
Remediation
Install update from vendor's website.