CVE-2018-7254

HIGH

Wavpack - Out-of-Bounds Read

Title source: rule

Description

The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.

Exploits (1)

exploitdb WORKING POC

by r4xis · pythondosmultiple

https://www.exploit-db.com/exploits/44154

View Code ZIP pw:eip

References (8)

[Patch, Third Party Advisory] https://github.com/dbry/WavPack/commit/8e3fe45a7bac31d9a3b558ae0079e2d92a04799e

[Third Party Advisory] https://usn.ubuntu.com/3578-1/

[Third Party Advisory] https://www.debian.org/security/2018/dsa-4125

[Issue Tracking, Third Party Advisory] https://github.com/dbry/WavPack/issues/26

[Issue Tracking, Mailing List, Third Party Advisory] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889274

[Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/44154/

[Mailing List] https://seclists.org/bugtraq/2019/Dec/37

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html

Scores

CVSS v3 7.8

EPSS 0.2131

EPSS Percentile 95.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-125

Status published

Products (2)

debian/debian_linux 9.0

wavpack/wavpack 5.1.0

Published Feb 19, 2018

Tracked Since Feb 18, 2026