Vulnerability Details CVE-2016-10169
The read_code function in read_words.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.1%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- http://www.openwall.com/lists/oss-security/2017/01/28/9
- http://www.securityfocus.com/bid/95883
- https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc
- https://sourceforge.net/p/wavpack/mailman/message/35557889/
- https://usn.ubuntu.com/3568-1/
- http://www.openwall.com/lists/oss-security/2017/01/28/9
- http://www.securityfocus.com/bid/95883
- https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc
- https://sourceforge.net/p/wavpack/mailman/message/35557889/
- https://usn.ubuntu.com/3568-1/
Products affected by CVE-2016-10169
-
cpe:2.3:a:wavpack_project:wavpack:*