CVE-2018-10537

HIGH7.8EPSS 0.69%

Published: 4/29/2018Modified: 4/28/2026

Description

An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks.

Affected packages (2)

Alpine/wavpackfrom 0, < 5.1.0-r6
Debian/wavpackfrom 0, < 5.1.0-3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.8	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References (2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2018-10537
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2018-10537