SB2017020623 - Out-of-bounds read in wavpack (Alpine package)
Published: February 6, 2017
Security Bulletin ID
SB2017020623
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2016-10170)
The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
The WriteCaffHeader function in cli/caff.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=2ec57e0e13ceccd61a0be8376969fb676d94c14a
- https://git.alpinelinux.org/aports/commit/?id=6f7ce22e0374f4f07d4f220f22ad7be8de37f4ac
- https://git.alpinelinux.org/aports/commit/?id=29c4cf2fe40fb0571586294d5dc27ab040cd1edd
- https://git.alpinelinux.org/aports/commit/?id=8f0ae71f69b278cfa03b46addf5ac4b17f13b829
- https://git.alpinelinux.org/aports/commit/?id=05c4b90783a66b036056239eca0ae6fa599046c2