Bug 654532 - <media-sound/wavpack-5.1.0-r1: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-05-01 14:46 UTC by GLSAMaker/CVETool Bot
Modified: 2018-12-25 20:26 UTC

See Also:
Package list:
media-sound/wavpack-5.1.0-r1
Runtime testing required: ---
stable-bot: sanity-check+


Description GLSAMaker/CVETool Bot gentoo-dev 2018-05-01 14:46:07 UTC
CVE-2018-7254 (https://nvd.nist.gov/vuln/detail/CVE-2018-7254):
  The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0
  allows a remote attacker to cause a denial-of-service (global buffer
  over-read), or possibly trigger a buffer overflow or incorrect memory
  allocation, via a maliciously crafted CAF file.

CVE-2018-7253 (https://nvd.nist.gov/vuln/detail/CVE-2018-7253):
  The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack
  5.1.0 allows a remote attacker to cause a denial-of-service (heap-based
  buffer over-read) or possibly overwrite the heap via a maliciously crafted
  DSDIFF file.

CVE-2018-6767 (https://nvd.nist.gov/vuln/detail/CVE-2018-6767):
  A stack-based buffer over-read in the ParseRiffHeaderConfig function of
  cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a
  denial-of-service attack or possibly have unspecified other impact via a
  maliciously crafted RF64 file.

CVE-2018-10540 (https://nvd.nist.gov/vuln/detail/CVE-2018-10540):
  An issue was discovered in WavPack 5.1.0 and earlier for W64 input.
  Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c
  does not validate the sizes of unknown chunks before attempting memory
  allocation, related to a lack of integer-overflow protection within a
  bytes_to_copy calculation and subsequent malloc call, leading to
  insufficient memory allocation.

CVE-2018-10539 (https://nvd.nist.gov/vuln/detail/CVE-2018-10539):
  An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input.
  Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c
  does not validate the sizes of unknown chunks before attempting memory
  allocation, related to a lack of integer-overflow protection within a
  bytes_to_copy calculation and subsequent malloc call, leading to
  insufficient memory allocation.

CVE-2018-10538 (https://nvd.nist.gov/vuln/detail/CVE-2018-10538):
  An issue was discovered in WavPack 5.1.0 and earlier for WAV input.
  Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does
  not validate the sizes of unknown chunks before attempting memory
  allocation, related to a lack of integer-overflow protection within a
  bytes_to_copy calculation and subsequent malloc call, leading to
  insufficient memory allocation.

CVE-2018-10537 (https://nvd.nist.gov/vuln/detail/CVE-2018-10537):
  An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser
  component contains a vulnerability that allows writing to memory because
  ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks.

CVE-2018-10536 (https://nvd.nist.gov/vuln/detail/CVE-2018-10536):
  An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser
  component contains a vulnerability that allows writing to memory because
  ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.
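
The two parser checks these CVE entries describe (bounding an unknown chunk's declared size before any size arithmetic or allocation, and rejecting a second format chunk), as an added example that is not WavPack's code or the upstream patch. The chunk layout, the `MAX_CHUNK` cap, the function names and the sample headers are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_CHUNK (1u << 22)  /* assumed cap, chosen for this example */
enum { HDR_OK = 0, HDR_TRUNCATED = -1, HDR_BAD_SIZE = -2, HDR_DUP_FMT = -3 };

/* Constructed sample headers (not taken from any real file). */
static const uint8_t sample_ok[]   = { 'f','m','t',' ', 2,0,0,0, 1,0, 'L','I','S','T', 0,0,0,0 };
static const uint8_t sample_dup[]  = { 'f','m','t',' ', 0,0,0,0, 'f','m','t',' ', 0,0,0,0 };
static const uint8_t sample_huge[] = { 'j','u','n','k', 0xFF,0xFF,0xFF,0xFF };

/* Unchecked form: even-padding done in 32 bits wraps to 0 for 0xFFFFFFFF,
   so an allocation sized from it is far smaller than the declared chunk. */
uint32_t pad32_unchecked(uint32_t ck_size) { return (ck_size + 1u) & ~1u; }

static uint32_t le32(const uint8_t *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk chunks (4-byte id, 4-byte LE size, payload padded to even length). */
int scan_chunks(const uint8_t *buf, size_t len)
{
    size_t pos = 0;
    int fmt_seen = 0;
    while (pos < len) {
        if (len - pos < 8) return HDR_TRUNCATED;
        uint32_t ck_size = le32(buf + pos + 4);
        if (memcmp(buf + pos, "fmt ", 4) == 0) {
            if (fmt_seen) return HDR_DUP_FMT;   /* reject a second format chunk */
            fmt_seen = 1;
        }
        pos += 8;
        if (ck_size > MAX_CHUNK) return HDR_BAD_SIZE;  /* bound before arithmetic */
        uint64_t padded = ((uint64_t)ck_size + 1) & ~(uint64_t)1;
        if (padded > len - pos) return HDR_TRUNCATED;  /* payload must fit in input */
        pos += (size_t)padded;
    }
    return HDR_OK;
}

int main(void)
{
    printf("ok=%d dup=%d huge=%d wrap=%u\n",
           scan_chunks(sample_ok, sizeof sample_ok), scan_chunks(sample_dup, sizeof sample_dup),
           scan_chunks(sample_huge, sizeof sample_huge), (unsigned)pad32_unchecked(0xFFFFFFFFu));
    return 0;
}
```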
Comment 1 Larry the Git Cow gentoo-dev 2018-08-22 20:43:03 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5e53d3522da5a2474983143001f72547b953666d

commit 5e53d3522da5a2474983143001f72547b953666d
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-08-22 20:36:55 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-08-22 20:42:47 +0000

    media-sound/wavpack: Multiple security fixes
    
    CVE-2018-7254,CVE-2018-7253, CVE-2018-6767, CVE-2018-10540,
    CVE-2018-10539,CVE-2018-10538, CVE-2018-10537, CVE-2018-10536
    
    Bug: https://bugs.gentoo.org/654532
    Package-Manager: Portage-2.3.48, Repoman-2.3.10

 ...vpack-5.1.0-CVE-2018-10536-CVE-2018-10537.patch |  59 +++++++++++
 ...-2018-10538-CVE-2018-10539-CVE-2018-10540.patch |  70 +++++++++++++
 .../files/wavpack-5.1.0-CVE-2018-6767.patch        | 111 +++++++++++++++++++++
 .../files/wavpack-5.1.0-CVE-2018-7253.patch        |  31 ++++++
 .../files/wavpack-5.1.0-CVE-2018-7254.patch        |  64 ++++++++++++
 .../wavpack/files/wavpack-5.1.0-memleaks.patch     |  32 ++++++
 media-sound/wavpack/wavpack-5.1.0-r1.ebuild        |   8 +-
 7 files changed, 374 insertions(+), 1 deletion(-)
Comment 2 Andreas Sturmlechner gentoo-dev 2018-08-22 20:46:13 UTC
Arches, please stabilise.
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2018-08-24 01:41:50 UTC
x86 stable
Comment 4 Agostino Sarubbo gentoo-dev 2018-08-24 12:38:01 UTC
amd64 stable
Comment 5 Sergei Trofimovich (RETIRED) gentoo-dev 2018-08-26 18:52:57 UTC
ia64 stable
Comment 6 Sergei Trofimovich (RETIRED) gentoo-dev 2018-08-26 18:54:22 UTC
ppc stable
Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev 2018-08-26 18:56:14 UTC
ppc64 stable
Comment 8 Sergei Trofimovich (RETIRED) gentoo-dev 2018-08-27 10:33:40 UTC
sparc stable, done by Rolf Eike Beer
Comment 9 Tobias Klausmann (RETIRED) gentoo-dev 2018-09-13 14:33:46 UTC
Stable on alpha.
Comment 10 Markus Meier gentoo-dev 2018-09-19 16:59:00 UTC
arm stable, all arches done.
Comment 11 Larry the Git Cow gentoo-dev 2018-09-20 15:22:48 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aa1a635e2ca87d2ac1fe5bca817a4c9a909ac50f

commit aa1a635e2ca87d2ac1fe5bca817a4c9a909ac50f
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-09-20 13:06:38 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-09-20 15:22:22 +0000

    media-sound/wavpack: Security cleanup
    
    Bug: https://bugs.gentoo.org/654532
    Package-Manager: Portage-2.3.49, Repoman-2.3.10

 media-sound/wavpack/wavpack-5.1.0.ebuild | 29 -----------------------------
 1 file changed, 29 deletions(-)
Comment 12 Thomas Deutschmann (RETIRED) gentoo-dev 2018-09-20 17:52:14 UTC
GLSA Vote: No

All done, repository is clean.
Comment 13 Sergei Trofimovich (RETIRED) gentoo-dev 2018-12-25 20:26:45 UTC
Cleanup removed only stable hppa keywords. Please consider adding arches to CC with stable keywords to stabilization bugs in future.

Thanks!