An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytestocopy calculation and subsequent malloc call, leading to insufficient memory allocation.
{ "vanir_signatures": [ { "digest": { "function_hash": "184729569822965087301669000513246286331", "length": 7859.0 }, "id": "CVE-2018-10539-294a3284", "source": "https://github.com/dbry/wavpack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d", "signature_version": "v1", "signature_type": "Function", "target": { "file": "cli/riff.c", "function": "ParseRiffHeaderConfig" }, "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "232057494164455220144767172649489583477", "110611123730469900830689342829752355457", "81420611912405984134380139041615867790", "93188358815698090562778273243671871941" ] }, "id": "CVE-2018-10539-2fa9a354", "source": "https://github.com/dbry/wavpack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d", "signature_version": "v1", "signature_type": "Line", "target": { "file": "cli/dsdiff.c" }, "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "111297851007108909387284957869522922221", "7400751062271159508161043106211857359", "89150272844446672438462142820231743482", "322445074363613205102206904284568707515" ] }, "id": "CVE-2018-10539-b6880098", "source": "https://github.com/dbry/wavpack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d", "signature_version": "v1", "signature_type": "Line", "target": { "file": "cli/wave64.c" }, "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "213820010221483680803095728996233934287", "333107393162424743504898156762320146440", "336250158133138648718424887759520376101", "322445074363613205102206904284568707515" ] }, "id": "CVE-2018-10539-c836fca3", "source": "https://github.com/dbry/wavpack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d", "signature_version": "v1", "signature_type": "Line", "target": { "file": "cli/riff.c" }, "deprecated": false }, { "digest": { "function_hash": "288370877697744344414771569440210308840", "length": 6500.0 }, "id": "CVE-2018-10539-c87123eb", "source": "https://github.com/dbry/wavpack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d", "signature_version": "v1", "signature_type": "Function", "target": { "file": "cli/wave64.c", "function": "ParseWave64HeaderConfig" }, "deprecated": false }, { "digest": { "function_hash": "63525521758563211822843282193964747098", "length": 6569.0 }, "id": "CVE-2018-10539-d33b0fd3", "source": "https://github.com/dbry/wavpack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d", "signature_version": "v1", "signature_type": "Function", "target": { "file": "cli/dsdiff.c", "function": "ParseDsdiffHeaderConfig" }, "deprecated": false } ] }