{"id":"CVE-2018-7253","details":"The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.","modified":"2026-04-16T01:41:05.574838028Z","published":"2018-02-19T23:29:00.213Z","related":["SUSE-SU-2021:0186-1","openSUSE-SU-2021:0153-1","openSUSE-SU-2021:0154-1","openSUSE-SU-2024:11505-1"],"references":[{"type":"WEB","url":"http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"},{"type":"WEB","url":"https://seclists.org/bugtraq/2019/Dec/37"},{"type":"ADVISORY","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889559"},{"type":"ADVISORY","url":"https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec"},{"type":"ADVISORY","url":"https://github.com/dbry/WavPack/issues/28"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3578-1/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4125"},{"type":"REPORT","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889559"},{"type":"FIX","url":"https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec"},{"type":"ARTICLE","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889559"},{"type":"EVIDENCE","url":"https://github.com/dbry/WavPack/issues/28"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dbry/wavpack","events":[{"introduced":"0"},{"fixed":"36a24c7881427d2e1e4dc1cef58f19eee0d13aec"}]}],"versions":["4.70.0","4.70.0-rc","4.75.0","4.75.0-rc","4.75.2","4.80.0","4.80.0-rc","5.0.0","5.0.0-alpha","5.0.0-alpha2","5.0.0-alpha3","5.0.0-alpha4","5.0.0-alpha5","5.1.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-7253.json","vanir_signatures":[{"signature_type":"Line","deprecated":false,"id":"CVE-2018-7253-5c2dcc3c","digest":{"threshold":0.9,"line_hashes":["81332561189786647624362732108474924916","252273718220831402351615931267967076331","170544926138746867049186387820673304091","245929849587120000166047487591166708931"]},"target":{"file":"cli/dsdiff.c"},"source":"https://github.com/dbry/wavpack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec","signature_version":"v1"},{"signature_type":"Function","deprecated":false,"id":"CVE-2018-7253-c1bfef83","digest":{"length":6317,"function_hash":"228216815797683513329737268913628450895"},"target":{"function":"ParseDsdiffHeaderConfig","file":"cli/dsdiff.c"},"source":"https://github.com/dbry/wavpack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec","signature_version":"v1"}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}