{"id":"USN-3637-1","summary":"wavpack vulnerabilities","details":"Thuan Pham,  Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu\ndiscovered that WavPack incorrectly handled certain .wav files. An\nattacker could possibly use this to execute arbitrary code or cause a\ndenial of service. (CVE-2018-10536, CVE-2018-10537)\n\nThuan Pham,  Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu\ndiscovered that WavPack incorrectly handled certain .wav files. An\nattacker could possibly use this to cause a denial of service.\n(CVE-2018-10538, CVE-2018-10539, CVE-2018-10540)\n","modified":"2026-02-10T04:41:20Z","published":"2018-04-30T20:09:25Z","related":["UBUNTU-CVE-2018-10536","UBUNTU-CVE-2018-10537","UBUNTU-CVE-2018-10538","UBUNTU-CVE-2018-10539","UBUNTU-CVE-2018-10540"],"upstream":["CVE-2018-10536","CVE-2018-10537","CVE-2018-10538","CVE-2018-10539","CVE-2018-10540","UBUNTU-CVE-2018-10536","UBUNTU-CVE-2018-10537","UBUNTU-CVE-2018-10538","UBUNTU-CVE-2018-10539","UBUNTU-CVE-2018-10540"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3637-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-10536"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-10537"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-10538"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-10539"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-10540"}],"affected":[{"package":{"name":"wavpack","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/wavpack@5.1.0-2ubuntu1.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1.0-2ubuntu1.1"}]}],"versions":["5.1.0-2","5.1.0-2ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"libwavpack-dev","binary_version":"5.1.0-2ubuntu1.1"},{"binary_name":"libwavpack1","binary_version":"5.1.0-2ubuntu1.1"},{"binary_name":"wavpack","binary_version":"5.1.0-2ubuntu1.1"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-10536"},{"severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-10537"},{"severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-10538"},{"severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-10539"},{"severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-10540"}],"ecosystem":"Ubuntu:18.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3637-1.json"}}],"schema_version":"1.7.3"}