Subject: [ASA-201802-12] wavpack: arbitrary code execution Arch Linux Security Advisory ASA-201802-12 ========================================== Severity: High Date : 2018-02-23 CVE-ID : CVE-2018-6767 CVE-2018-7253 CVE-2018-7254 Package : wavpack Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-631 Summary ======= The package wavpack before version 5.1.0-2 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 5.1.0-2. # pacman -Syu "wavpack>=5.1.0-2" The problems have been fixed upstream in version 5.1.0. Workaround ========== None. Description =========== - CVE-2018-6767 (arbitrary code execution) A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file. - CVE-2018-7253 (arbitrary code execution) The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file. - CVE-2018-7254 (arbitrary code execution) The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file. Impact ====== A remote attacker is able to execute arbitrary code on the affected host via maliciously crafted files. References ========== https://bugs.archlinux.org/task/57609 https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5 https://github.com/dbry/WavPack/issues/27 https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec https://github.com/dbry/WavPack/issues/28 https://github.com/dbry/WavPack/commit/8e3fe45a7bac31d9a3b558ae0079e2d92a04799e https://github.com/dbry/WavPack/issues/26 https://security.archlinux.org/CVE-2018-6767 https://security.archlinux.org/CVE-2018-7253 https://security.archlinux.org/CVE-2018-7254