Advisories » MGASA-2019-0045

Updated wavpack packages fix security vulnerabilities

Publication date: 23 Jan 2019
Modification date: 23 Jan 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-6767 , CVE-2018-7253 , CVE-2018-7254 , CVE-2018-10536 , CVE-2018-10537 , CVE-2018-10538 , CVE-2018-10539 , CVE-2018-10540 , CVE-2018-19840 , CVE-2018-19841

Description

Joonun Jang discovered that WavPack incorrectly handled certain RF64
files. An attacker could possibly use this to cause a denial of service
(CVE-2018-6767).

It was discovered that WavPack incorrectly handled certain DSDIFF files.
An attacker could possibly use this to execute arbitrary code or cause a
denial of service (CVE-2018-7253).

It was discovered that WavPack incorrectly handled certain CAF files. An
attacker could possibly use this to cause a denial of service
(CVE-2018-7254).

Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu
discovered that WavPack incorrectly handled certain .wav files. An
attacker could possibly use this to execute arbitrary code or cause a
denial of service (CVE-2018-10536, CVE-2018-10537).

Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu
discovered that WavPack incorrectly handled certain .wav files. An
attacker could possibly use this to cause a denial of service
(CVE-2018-10538, CVE-2018-10539, CVE-2018-10540).

It was discovered that WavPack incorrectly handled certain WAV files. An
attacker could possibly use this issue to cause a denial of service
(CVE-2018-19840, CVE-2018-19841).
                

References

SRPMS

6/core