The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.
CVSS Details
- CVSS 3.1 Base Score: 7.8
- CVSS 3.0 Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Covered by Rapid7
| Product | Vendor Advisory | Solution File | Added | Published |
|---|---|---|---|---|
| Alpine Linux | alpine-linux-upgrade-wavpack | Aug 30, 2018 | Feb 19, 2018 | |
| Arch Linux | arch-linux-upgrade-latest | Jul 11, 2025 | Feb 19, 2018 | |
| Debian | debian-upgrade-wavpack | Mar 1, 2018 | Feb 19, 2018 | |
| Freebsd | freebsd-upgrade-package-wavpack | May 14, 2018 | May 11, 2018 | |
| Suse | — | suse-upgrade-libwavpack1suse-upgrade-libwavpack1-32bitsuse-upgrade-wavpacksuse-upgrade-wavpack-devel | May 20, 2018 | Feb 19, 2018 |
| Ubuntu | ubuntu-upgrade-libwavpack1ubuntu-upgrade-wavpack | Feb 23, 2018 | Feb 19, 2018 |
Prioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub