An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation. The bytestocopy calculation and the subsequent malloc call have no integer-overflow protection, so the computed size can overflow and the allocated buffer is smaller than the data written into it.
{ "vanir_signatures": [ { "signature_type": "Function", "deprecated": false, "signature_version": "v1", "source": "https://github.com/dbry/wavpack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d", "id": "CVE-2018-10540-294a3284", "digest": { "function_hash": "184729569822965087301669000513246286331", "length": 7859.0 }, "target": { "function": "ParseRiffHeaderConfig", "file": "cli/riff.c" } }, { "signature_type": "Line", "deprecated": false, "signature_version": "v1", "source": "https://github.com/dbry/wavpack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d", "id": "CVE-2018-10540-2fa9a354", "digest": { "line_hashes": [ "232057494164455220144767172649489583477", "110611123730469900830689342829752355457", "81420611912405984134380139041615867790", "93188358815698090562778273243671871941" ], "threshold": 0.9 }, "target": { "file": "cli/dsdiff.c" } }, { "signature_type": "Line", "deprecated": false, "signature_version": "v1", "source": "https://github.com/dbry/wavpack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d", "id": "CVE-2018-10540-b6880098", "digest": { "line_hashes": [ "111297851007108909387284957869522922221", "7400751062271159508161043106211857359", "89150272844446672438462142820231743482", "322445074363613205102206904284568707515" ], "threshold": 0.9 }, "target": { "file": "cli/wave64.c" } }, { "signature_type": "Line", "deprecated": false, "signature_version": "v1", "source": "https://github.com/dbry/wavpack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d", "id": "CVE-2018-10540-c836fca3", "digest": { "line_hashes": [ "213820010221483680803095728996233934287", "333107393162424743504898156762320146440", "336250158133138648718424887759520376101", "322445074363613205102206904284568707515" ], "threshold": 0.9 }, "target": { "file": "cli/riff.c" } }, { "signature_type": "Function", "deprecated": false, "signature_version": "v1", "source": "https://github.com/dbry/wavpack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d", "id": "CVE-2018-10540-c87123eb", 
"digest": { "function_hash": "288370877697744344414771569440210308840", "length": 6500.0 }, "target": { "function": "ParseWave64HeaderConfig", "file": "cli/wave64.c" } }, { "signature_type": "Function", "deprecated": false, "signature_version": "v1", "source": "https://github.com/dbry/wavpack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d", "id": "CVE-2018-10540-d33b0fd3", "digest": { "function_hash": "63525521758563211822843282193964747098", "length": 6569.0 }, "target": { "function": "ParseDsdiffHeaderConfig", "file": "cli/dsdiff.c" } } ] }