MGASA-2019-0045

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2019-0045.html

Import Source

https://advisories.mageia.org/MGASA-2019-0045.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2019-0045

Related

Published

2019-01-23T15:50:09Z

Modified

2019-01-23T15:11:23Z

Summary

Updated wavpack packages fix security vulnerabilities

Details

Joonun Jang discovered that WavPack incorrectly handled certain RF64 files. An attacker could possibly use this to cause a denial of service (CVE-2018-6767).

It was discovered that WavPack incorrectly handled certain DSDIFF files. An attacker could possibly use this to execute arbitrary code or cause a denial of service (CVE-2018-7253).

It was discovered that WavPack incorrectly handled certain CAF files. An attacker could possibly use this to cause a denial of service (CVE-2018-7254).

Thuan Pham, Marcel BÃ¶hme, Andrew Santosa and Alexandru Razvan Caciulescu discovered that WavPack incorrectly handled certain .wav files. An attacker could possibly use this to execute arbitrary code or cause a denial of service (CVE-2018-10536, CVE-2018-10537).

Thuan Pham, Marcel BÃ¶hme, Andrew Santosa and Alexandru Razvan Caciulescu discovered that WavPack incorrectly handled certain .wav files. An attacker could possibly use this to cause a denial of service (CVE-2018-10538, CVE-2018-10539, CVE-2018-10540).

It was discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to cause a denial of service (CVE-2018-19840, CVE-2018-19841).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2019-0045

Affected packages