CVE-2018-19841

描述

The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.

受影響套件(2)

• Alpine/wavpackfrom 0, < 5.1.0-r7
• Debian/wavpackfrom 0, < 5.1.0-5

CVSS 分數

參考連結(2)

• ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2018-19841
• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2018-19841