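The ParseDsdiffHeaderConfig function in cli/dsdiff.c in WavPack 5.1.0 allows a remote attacker to cause a denial of service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file. The issue is tracked as CVE-2018-7253; the signatures below cite upstream commit 36a24c7881427d2e1e4dc1cef58f19eee0d13aec in dbry/wavpack as their source.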
{ "vanir_signatures": [ { "id": "CVE-2018-7253-5c2dcc3c", "deprecated": false, "signature_version": "v1", "source": "https://github.com/dbry/wavpack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec", "signature_type": "Line", "digest": { "line_hashes": [ "81332561189786647624362732108474924916", "252273718220831402351615931267967076331", "170544926138746867049186387820673304091", "245929849587120000166047487591166708931" ], "threshold": 0.9 }, "target": { "file": "cli/dsdiff.c" } }, { "id": "CVE-2018-7253-c1bfef83", "deprecated": false, "signature_version": "v1", "source": "https://github.com/dbry/wavpack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec", "signature_type": "Function", "digest": { "function_hash": "228216815797683513329737268913628450895", "length": 6317.0 }, "target": { "function": "ParseDsdiffHeaderConfig", "file": "cli/dsdiff.c" } } ] }