Slackware Linux update for wavpack
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 10 |
| CVE-ID | CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539 CVE-2018-10540 CVE-2018-19840 CVE-2018-19841 CVE-2018-6767 CVE-2018-7253 CVE-2018-7254 |
| CWE-ID | CWE-787 CWE-190 CWE-835 CWE-125 CWE-119 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #6 is available. Public exploit code for vulnerability #7 is available. Public exploit code for vulnerability #10 is available. |
| Vulnerable software |
Slackware Linux Operating systems & Components / Operating system |
| Vendor | Slackware |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
1) Heap-based buffer overwrite
EUVDB-ID: #VU12398
Risk: Medium
CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2018-10536
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition or execute arbitrary code on the target system.
The weakness exists in the WAV parser component due to improper rejection of multiple format chunks by the ParseRiffHeaderConfig function, as defined in the riff.c source code file. A local attacker can execute a specially crafted .wav file, trigger heap buffer overwrite and cause the service to crash or execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Update the affected package wavpack.
Vulnerable software versionsSlackware Linux: 14.0 - 14.2
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.0:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:14.1:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Heap-based buffer overwrite
EUVDB-ID: #VU12399
Risk: Medium
CVSSv4.0: 6.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2018-10537
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition or execute arbitrary code on the target system.
The weakness exists in the W64 parser component due to improper rejection of multiple format chunks by the ParseWave64HeaderConfig function, as defined in the wave64.c source code file. A local attacker can execute a specially crafted .wav file, trigger heap buffer overwrite and cause the service to crash or execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Update the affected package wavpack.
Vulnerable software versionsSlackware Linux: 14.0 - 14.2
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.0:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:14.1:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Buffer overflow
EUVDB-ID: #VU12361
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-10538
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error within ParseRiffHeaderConfig function in riff.c when processing WAV files. A remote unauthenticated attacker can create a specially crafted WAV file, trick the victim into opening it and trigger integer overflow in bytes_to_copy calculation and subsequent malloc call
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package wavpack.
Vulnerable software versionsSlackware Linux: 14.0 - 14.2
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.0:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:14.1:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU12362
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-10539
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error within ParseDsdiffHeaderConfig function in dsdiff.c when processing WAV files. A remote unauthenticated attacker can create a specially crafted WAV file, trick the victim into opening it and trigger integer overflow in bytes_to_copy calculation and subsequent malloc call
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package wavpack.
Vulnerable software versionsSlackware Linux: 14.0 - 14.2
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.0:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:14.1:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU12363
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-10540
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error within ParseWave64HeaderConfig function in wave64.c when processing WAV files. A remote unauthenticated attacker can create a specially crafted WAV file, trick the victim into opening it and trigger integer overflow in bytes_to_copy calculation and subsequent malloc call
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package wavpack.
Vulnerable software versionsSlackware Linux: 14.0 - 14.2
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.0:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:14.1:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Infinite loop
EUVDB-ID: #VU16283
Risk: Low
CVSSv4.0: 5.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-19840
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists in the WavpackPackInit function, as defined in the pack_utils.csource code file due to the WavpackSetConfiguration64 function improperly handles a block sample rate of zero. A remote attacker can trick the victim into accessing a .wav file that submits malicious, trigger an infinite loop condition that could consume excessive resources and cause the affected software to crash, resulting in a DoS condition.
MitigationUpdate the affected package wavpack.
Vulnerable software versionsSlackware Linux: 14.0 - 14.2
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.0:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:14.1:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
7) Out-of-bounds read
EUVDB-ID: #VU16282
Risk: Low
CVSSv4.0: 5.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-19841
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists in the WavpackVerifySingleBlock function, as defined in the open_utils.c source code file due to improper processing of WavPack lossless audio files. A remote attacker can trick the victim into accessing a WavPack lossless audio file that submits malicious, trigger an out-of-bounds read condition and cause the affected software to crash, resulting in a DoS condition.
MitigationUpdate the affected package wavpack.
Vulnerable software versionsSlackware Linux: 14.0 - 14.2
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.0:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:14.1:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
8) Stack-based buffer over-read
EUVDB-ID: #VU10573
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6767
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to a stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file. A remote attacker can send a specially crafted RF64 file cause the application to crash.
Update the affected package wavpack.
Vulnerable software versionsSlackware Linux: 14.0 - 14.2
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.0:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:14.1:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Memory corruption
EUVDB-ID: #VU10823
Risk: Low
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-7253
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote unautheticated attacker to cause DoS condition on the target system.
The weakness exists in the cli/dsdiff.c source codein the ParseDsdiffHeaderConfig function due to boundary error. A remote attacker can send a specially crafted DSDIFF file, trigger memory corruption and cause the service to crash.
Update the affected package wavpack.
Vulnerable software versionsSlackware Linux: 14.0 - 14.2
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.0:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:14.1:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Memory corruption
EUVDB-ID: #VU10822
Risk: Low
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-7254
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.
The weakness exists in the cli/caff.c source codein the ParseCaffHeaderConfig function due to boundary error. A remote attacker can submit a specially crafted CAF file, trigger a buffer overflow or incorrect memory allocation and cause the service to crash.
Update the affected package wavpack.
Vulnerable software versionsSlackware Linux: 14.0 - 14.2
CPE2.3- cpe:2.3:o:slackware:slackware_linux:14.0:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:14.1:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
