Source: wavpack Version: 5.0.0-1 Severity: serious Tags: security upstream Justification: regression from stable, once DSA released Control: fixed -1 5.0.0-2+deb9u2
Hi, The following vulnerabilities were published for wavpack, a fixed version (5.0.0-2+deb9u2) was uploaded to security-master by Moritz Muehlenhoff to be issues as a DSA. CVE-2018-10536[0]: | An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser | component contains a vulnerability that allows writing to memory | because ParseRiffHeaderConfig in riff.c does not reject multiple format | chunks. CVE-2018-10537[1]: | An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser | component contains a vulnerability that allows writing to memory | because ParseWave64HeaderConfig in wave64.c does not reject multiple | format chunks. CVE-2018-10538[2]: | An issue was discovered in WavPack 5.1.0 and earlier for WAV input. | Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c | does not validate the sizes of unknown chunks before attempting memory | allocation, related to a lack of integer-overflow protection within a | bytes_to_copy calculation and subsequent malloc call, leading to | insufficient memory allocation. CVE-2018-10539[3]: | An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. | Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in | dsdiff.c does not validate the sizes of unknown chunks before | attempting memory allocation, related to a lack of integer-overflow | protection within a bytes_to_copy calculation and subsequent malloc | call, leading to insufficient memory allocation. CVE-2018-10540[4]: | An issue was discovered in WavPack 5.1.0 and earlier for W64 input. | Out-of-bounds writes can occur because ParseWave64HeaderConfig in | wave64.c does not validate the sizes of unknown chunks before | attempting memory allocation, related to a lack of integer-overflow | protection within a bytes_to_copy calculation and subsequent malloc | call, leading to insufficient memory allocation. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-10536 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10536 [1] https://security-tracker.debian.org/tracker/CVE-2018-10537 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10537 [2] https://security-tracker.debian.org/tracker/CVE-2018-10538 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10538 [3] https://security-tracker.debian.org/tracker/CVE-2018-10539 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10539 [4] https://security-tracker.debian.org/tracker/CVE-2018-10540 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10540 Regards, Salvatore
