SB2019122005 - Slackware Linux update for wavpack

Description

This security bulletin contains information about 10 secuirty vulnerabilities.

1) Heap-based buffer overwrite (CVE-ID: CVE-2018-10536)

The vulnerability allows a local attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists in the WAV parser component due to improper rejection of multiple format chunks by the ParseRiffHeaderConfig function, as defined in the riff.c source code file. A local attacker can execute a specially crafted .wav file, trigger heap buffer overwrite and cause the service to crash or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

2) Heap-based buffer overwrite (CVE-ID: CVE-2018-10537)

The vulnerability allows a local attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists in the W64 parser component due to improper rejection of multiple format chunks by the ParseWave64HeaderConfig function, as defined in the wave64.c source code file. A local attacker can execute a specially crafted .wav file, trigger heap buffer overwrite and cause the service to crash or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

3) Buffer overflow (CVE-ID: CVE-2018-10538)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error within ParseRiffHeaderConfig function in riff.c when processing WAV files. A remote unauthenticated attacker can create a specially crafted WAV file, trick the victim into opening it and trigger integer overflow in bytes_to_copy calculation and subsequent malloc call 

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

4) Buffer overflow (CVE-ID: CVE-2018-10539)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error within ParseDsdiffHeaderConfig function in dsdiff.c when processing WAV files. A remote unauthenticated attacker can create a specially crafted WAV file, trick the victim into opening it and trigger integer overflow in bytes_to_copy calculation and subsequent malloc call 

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

5) Buffer overflow (CVE-ID: CVE-2018-10540)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error within ParseWave64HeaderConfig function in wave64.c when processing WAV files. A remote unauthenticated attacker can create a specially crafted WAV file, trick the victim into opening it and trigger integer overflow in bytes_to_copy calculation and subsequent malloc call 

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

6) Infinite loop (CVE-ID: CVE-2018-19840)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the WavpackPackInit function, as defined in the pack_utils.csource code file due to the WavpackSetConfiguration64 function improperly handles a block sample rate of zero. A remote attacker can trick the victim into accessing a .wav file that submits malicious, trigger an infinite loop condition that could consume excessive resources and cause the affected software to crash, resulting in a DoS condition.

7) Out-of-bounds read (CVE-ID: CVE-2018-19841)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the WavpackVerifySingleBlock function, as defined in the open_utils.c source code file due to improper processing of WavPack lossless audio files. A remote attacker can trick the victim into accessing a WavPack lossless audio file that submits malicious, trigger an out-of-bounds read condition and cause the affected software to crash, resulting in a DoS condition.

8) Stack-based buffer over-read (CVE-ID: CVE-2018-6767)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file. A remote attacker can send a specially crafted RF64 file cause the application to crash.

9) Memory corruption (CVE-ID: CVE-2018-7253)

The vulnerability allows a remote unautheticated attacker to cause DoS condition on the target system.

The weakness exists in the cli/dsdiff.c source codein the ParseDsdiffHeaderConfig function due to boundary error. A remote attacker can send a specially crafted DSDIFF file, trigger memory corruption and cause the service to crash.

10) Memory corruption (CVE-ID: CVE-2018-7254)

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the cli/caff.c source codein the ParseCaffHeaderConfig function due to boundary error. A remote attacker can submit a specially crafted CAF file, trigger a buffer overflow or incorrect memory allocation and cause the service to crash.

Remediation

Install update from vendor's website.

References

• http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.465266