
Arch Linux alert ASA-201802-13 (lib32-wavpack)

From:  Levente Polyak <anthraxx@archlinux.org>
To:  arch-security@archlinux.org
Subject:  [ASA-201802-13] lib32-wavpack: arbitrary code execution
Date:  Sat, 24 Feb 2018 01:46:03 +0100
Message-ID:  <39586f77-6bbb-2caf-e2e6-71873bba9677@archlinux.org>

Arch Linux Security Advisory ASA-201802-13
==========================================

Severity: High
Date    : 2018-02-23
CVE-ID  : CVE-2018-6767 CVE-2018-7253 CVE-2018-7254
Package : lib32-wavpack
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-634

Summary
=======

The package lib32-wavpack before version 5.1.0-2 is vulnerable to arbitrary code execution.

Resolution
==========

Upgrade to 5.1.0-2.

# pacman -Syu "lib32-wavpack>=5.1.0-2"

The problems have been fixed upstream in version 5.1.0.

Workaround
==========

None.

Description
===========

- CVE-2018-6767 (arbitrary code execution)

A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.

- CVE-2018-7253 (arbitrary code execution)

The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.

- CVE-2018-7254 (arbitrary code execution)

The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.

Impact
======

A remote attacker is able to execute arbitrary code on the affected host via maliciously crafted files.

References
==========

https://bugs.archlinux.org/task/57609
https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1b...
https://github.com/dbry/WavPack/issues/27
https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e...
https://github.com/dbry/WavPack/issues/28
https://github.com/dbry/WavPack/commit/8e3fe45a7bac31d9a3...
https://github.com/dbry/WavPack/issues/26
https://security.archlinux.org/CVE-2018-6767
https://security.archlinux.org/CVE-2018-7253
https://security.archlinux.org/CVE-2018-7254
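All three issues in the advisory are header parsers that trust a length field taken from the file and read past the data actually present. The following bounds-checked parser for a RIFF-style chunk header is an added illustration of the check that class of bug lacks; it is not WavPack's code, and the names riff_chunk and parse_chunk_header, the size limit and the sample byte strings are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical parser for one RIFF-style chunk: a 4-byte id, a little-endian
   32-bit payload length, then the payload. Not WavPack's code. */

enum { MAX_CHUNK_PAYLOAD = 64 };   /* fixed-size destination, chosen for the example */

struct riff_chunk {
    char id[5];                          /* 4-char chunk id, NUL-terminated */
    uint32_t size;                       /* declared payload length */
    unsigned char payload[MAX_CHUNK_PAYLOAD];
};

/* Read a little-endian 32-bit value byte by byte (no alignment assumptions). */
static uint32_t le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns 0 on success,
   -1 if fewer than 8 header bytes are available,
   -2 if the declared payload length exceeds the bytes actually present,
   -3 if the payload would not fit the fixed destination buffer.
   Without the -2 and -3 checks, the memcpy below would read past the input
   (an over-read) or write past the destination (an overflow). */
int parse_chunk_header(const unsigned char *buf, size_t len, struct riff_chunk *out)
{
    if (len < 8)
        return -1;
    uint32_t size = le32(buf + 4);
    if (size > len - 8)                  /* file claims more data than it carries */
        return -2;
    if (size > MAX_CHUNK_PAYLOAD)        /* data would not fit the destination */
        return -3;
    memcpy(out->id, buf, 4);
    out->id[4] = '\0';
    out->size = size;
    memcpy(out->payload, buf + 8, size);
    return 0;
}

/* Constructed sample inputs, not taken from any real file. */
/* Well-formed: id "fmt ", size 4, four payload bytes. */
static const unsigned char good_chunk[] = {
    'f', 'm', 't', ' ', 4, 0, 0, 0, 1, 0, 2, 0
};
/* Same layout, but the size field claims 0x1000 bytes while only 4 follow. */
static const unsigned char oversized_chunk[] = {
    'f', 'm', 't', ' ', 0x00, 0x10, 0, 0, 1, 0, 2, 0
};

int main(void)
{
    struct riff_chunk c;
    printf("good chunk:      %d\n", parse_chunk_header(good_chunk, sizeof good_chunk, &c));
    printf("oversized chunk: %d\n", parse_chunk_header(oversized_chunk, sizeof oversized_chunk, &c));
    return 0;
}
```

The point of the ordering is that the declared size is compared against the number of bytes the caller actually has before any copy is issued; a parser that instead trusts the size field and reads from the mapped file or a stack/global buffer directly is the pattern the advisory's CVE descriptions name.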



