{"id":"MGASA-2019-0045","summary":"Updated wavpack packages fix security vulnerabilities","details":"Joonun Jang discovered that WavPack incorrectly handled certain RF64\nfiles. An attacker could possibly use this to cause a denial of service\n(CVE-2018-6767).\n\nIt was discovered that WavPack incorrectly handled certain DSDIFF files.\nAn attacker could possibly use this to execute arbitrary code or cause a\ndenial of service (CVE-2018-7253).\n\nIt was discovered that WavPack incorrectly handled certain CAF files. An\nattacker could possibly use this to cause a denial of service\n(CVE-2018-7254).\n\nThuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu\ndiscovered that WavPack incorrectly handled certain .wav files. An\nattacker could possibly use this to execute arbitrary code or cause a\ndenial of service (CVE-2018-10536, CVE-2018-10537).\n\nThuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu\ndiscovered that WavPack incorrectly handled certain .wav files. An\nattacker could possibly use this to cause a denial of service\n(CVE-2018-10538, CVE-2018-10539, CVE-2018-10540).\n\nIt was discovered that WavPack incorrectly handled certain WAV files. An\nattacker could possibly use this issue to cause a denial of service\n(CVE-2018-19840, CVE-2018-19841).\n","modified":"2026-02-01T06:40:36.836003Z","published":"2019-01-23T15:50:09Z","related":["CVE-2018-10536","CVE-2018-10537","CVE-2018-10538","CVE-2018-10539","CVE-2018-10540","CVE-2018-19840","CVE-2018-19841","CVE-2018-6767","CVE-2018-7253","CVE-2018-7254"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0045.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22588"},{"type":"REPORT","url":"https://usn.ubuntu.com/3568-1/"},{"type":"REPORT","url":"https://usn.ubuntu.com/3578-1/"},{"type":"REPORT","url":"https://usn.ubuntu.com/3637-1/"},{"type":"REPORT","url":"https://usn.ubuntu.com/3839-1/"}],"affected":[{"package":{"name":"wavpack","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/wavpack?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1.0-1.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0045.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}