SB2017020621 - Out-of-bounds read in wavpack (Alpine package)
Published: February 6, 2017
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2016-10172)
The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
The read_new_config_info function in open_utils.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=fcfac0bb84e91ad39d8554e3ff04d2aacc625915
- https://git.alpinelinux.org/aports/commit/?id=6f7ce22e0374f4f07d4f220f22ad7be8de37f4ac
- https://git.alpinelinux.org/aports/commit/?id=9f5a7e1687ed9f331cf5065f7c44d235b6426ef3
- https://git.alpinelinux.org/aports/commit/?id=29c4cf2fe40fb0571586294d5dc27ab040cd1edd
- https://git.alpinelinux.org/aports/commit/?id=8f0ae71f69b278cfa03b46addf5ac4b17f13b829
- https://git.alpinelinux.org/aports/commit/?id=05c4b90783a66b036056239eca0ae6fa599046c2