An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "184646861603546030796083882222520450240", "84312685334654223078823520833341925555", "154082140996508720341843738016562010053", "252660553131924893101833006221813729282", "1343942213833317061756424501775694324", "308077053378223483629199569743747749424", "93649652678570829531834480878423478937" ] }, "id": "CVE-2018-10536-504d4a8e", "source": "https://github.com/dbry/wavpack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15", "signature_type": "Line", "signature_version": "v1", "target": { "file": "cli/riff.c" }, "deprecated": false }, { "digest": { "function_hash": "140476048034579333997910718229279907451", "length": 7983.0 }, "id": "CVE-2018-10536-73ffe786", "source": "https://github.com/dbry/wavpack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15", "signature_type": "Function", "signature_version": "v1", "target": { "file": "cli/riff.c", "function": "ParseRiffHeaderConfig" }, "deprecated": false }, { "digest": { "function_hash": "118300800463717199926781613989967737417", "length": 6624.0 }, "id": "CVE-2018-10536-96af42bf", "source": "https://github.com/dbry/wavpack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15", "signature_type": "Function", "signature_version": "v1", "target": { "file": "cli/wave64.c", "function": "ParseWave64HeaderConfig" }, "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "332865019631066372223500709303797431877", "280271726020800377614925935580540570684", "138012726190409765382337285991215305476", "286662417744728389179015073645145507988", "106166235591341177200476569566427557660", "69502089290313573260304176946327060439", "60925149395709222123254455234564749263" ] }, "id": "CVE-2018-10536-9901ed41", "source": "https://github.com/dbry/wavpack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15", "signature_type": "Line", "signature_version": "v1", "target": { "file": "cli/wave64.c" }, "deprecated": false } ] }