SB2018050304 - Remote code execution in WavPack 




Published: May 3, 2018 Updated: May 8, 2018

Security Bulletin ID: SB2018050304
Severity: Medium
Patch available: YES
Number of vulnerabilities: 5
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Medium: 100%

Description

This security bulletin contains information about 5 security vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2018-10538)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the ParseRiffHeaderConfig function in riff.c when processing WAV files. A remote unauthenticated attacker can create a specially crafted WAV file, trick the victim into opening it, and trigger an integer overflow in the bytes_to_copy calculation and the subsequent malloc call.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


2) Buffer overflow (CVE-ID: CVE-2018-10539)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the ParseDsdiffHeaderConfig function in dsdiff.c when processing WAV files. A remote unauthenticated attacker can create a specially crafted WAV file, trick the victim into opening it, and trigger an integer overflow in the bytes_to_copy calculation and the subsequent malloc call.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


3) Buffer overflow (CVE-ID: CVE-2018-10540)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the ParseWave64HeaderConfig function in wave64.c when processing WAV files. A remote unauthenticated attacker can create a specially crafted WAV file, trick the victim into opening it, and trigger an integer overflow in the bytes_to_copy calculation and the subsequent malloc call.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


4) Heap-based buffer overwrite (CVE-ID: CVE-2018-10536)

The vulnerability allows a local attacker to cause a DoS condition or execute arbitrary code on the target system.

The weakness exists in the WAV parser component due to improper rejection of multiple format chunks by the ParseRiffHeaderConfig function, as defined in the riff.c source code file. A local attacker can execute a specially crafted .wav file, trigger a heap buffer overwrite and cause the service to crash or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

5) Heap-based buffer overwrite (CVE-ID: CVE-2018-10537)

The vulnerability allows a local attacker to cause a DoS condition or execute arbitrary code on the target system.

The weakness exists in the W64 parser component due to improper rejection of multiple format chunks by the ParseWave64HeaderConfig function, as defined in the wave64.c source code file. A local attacker can execute a specially crafted .wav file, trigger a heap buffer overwrite and cause the service to crash or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.
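
Both flaw classes listed above (an unchecked bytes_to_copy size feeding malloc, and acceptance of more than one format chunk) can be rejected by validating the chunk list before anything is allocated. The following C code is an added example, not WavPack's code or the vendor's patch; check_riff_header, the 4 MiB cap, the error codes and the sample byte strings are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_EXTRA_CHUNK (4u * 1024 * 1024)   /* assumed cap, not a value from the bulletin */
enum { HDR_OK = 0, HDR_MALFORMED = -1, HDR_DUP_FMT = -2, HDR_BAD_SIZE = -3 };

/* Constructed sample headers (not real files): valid, duplicate fmt, oversized chunk. */
#define FMT "fmt \x10\0\0\0" "\1\0\2\0\x44\xac\0\0\x10\xb1\2\0\4\0\x10\0"
static const uint8_t SAMPLE_OK[]  = "RIFF\x24\0\0\0WAVE" FMT "data\0\0\0\0";
static const uint8_t SAMPLE_DUP[] = "RIFF\x3c\0\0\0WAVE" FMT FMT "data\0\0\0\0";
static const uint8_t SAMPLE_BIG[] = "RIFF\x24\0\0\0WAVE" FMT "LIST\xff\xff\xff\xff";

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk the chunks of a RIFF/WAVE header up to "data" and validate each one. */
int check_riff_header(const uint8_t *buf, size_t len) {
    size_t pos = 12;
    int fmt_seen = 0;
    if (len < 12 || memcmp(buf, "RIFF", 4) || memcmp(buf + 8, "WAVE", 4))
        return HDR_MALFORMED;
    while (len - pos >= 8) {
        const uint8_t *id = buf + pos;
        uint32_t size = le32(buf + pos + 4);
        /* Pad to an even length in 64 bits: the same sum in 32 bits wraps to 0
           for 0xFFFFFFFF, and large values turn negative once stored in an int. */
        uint64_t padded = ((uint64_t)size + 1) & ~(uint64_t)1;
        pos += 8;
        if (!memcmp(id, "data", 4))
            return fmt_seen ? HDR_OK : HDR_MALFORMED;  /* audio needs a format first */
        if (!memcmp(id, "fmt ", 4)) {
            if (fmt_seen) return HDR_DUP_FMT;          /* second format chunk: reject */
            fmt_seen = 1;
        }
        if (padded > MAX_EXTRA_CHUNK)
            return HDR_BAD_SIZE;                       /* refuse before any allocation */
        if (padded > len - pos)
            return HDR_MALFORMED;                      /* declared size exceeds input */
        pos += (size_t)padded;
    }
    return HDR_MALFORMED;                              /* no data chunk found */
}

int main(void) {
    printf("%d %d %d\n", check_riff_header(SAMPLE_OK, sizeof SAMPLE_OK - 1),
           check_riff_header(SAMPLE_DUP, sizeof SAMPLE_DUP - 1),
           check_riff_header(SAMPLE_BIG, sizeof SAMPLE_BIG - 1));
    return 0;
}
```

A check of this kind can run as a pre-filter on untrusted audio files until the vendor update is installed; it does not replace the update.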

Remediation

Install the update from the vendor's website.