Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-10539 (GCVE-0-2018-10539)
Vulnerability from cvelistv5
Published
2018-04-29 15:00
Modified
2024-08-05 07:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:07.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/issues/33"
},
{
"name": "DSA-4197",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4197"
},
{
"name": "USN-3637-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3637-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"name": "FEDORA-2020-e55567b6be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-15T01:06:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/issues/33"
},
{
"name": "DSA-4197",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4197"
},
{
"name": "USN-3637-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3637-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"name": "FEDORA-2020-e55567b6be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10539",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dbry/WavPack/issues/33",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/issues/33"
},
{
"name": "DSA-4197",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4197"
},
{
"name": "USN-3637-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3637-1/"
},
{
"name": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"name": "FEDORA-2020-e55567b6be",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10539",
"datePublished": "2018-04-29T15:00:00",
"dateReserved": "2018-04-29T00:00:00",
"dateUpdated": "2024-08-05T07:39:07.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-10539\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-04-29T15:29:00.570\",\"lastModified\":\"2024-11-21T03:41:31.570\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en WavPack 5.1.0 y anteriores para las entradas DSDiff. Pueden ocurrir escrituras fuera de l\u00edmites debido a que ParseDsdiffHeaderConfig en dsdiff.c no valida los tama\u00f1os de los fragmentos desconocidos antes de intentar asignar memoria. Esto se relaciona con la falta de protecci\u00f3n ante desbordamientos de enteros en un c\u00e1lculo bytes_to_copy y una subsecuente llamada malloc, lo que conduce a una asignaci\u00f3n de memoria insuficiente.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wavpack:wavpack:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.1.0\",\"matchCriteriaId\":\"A5AF1FF6-17E5-429C-8280-8215E7010571\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/dbry/WavPack/issues/33\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://seclists.org/bugtraq/2019/Dec/37\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/3637-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4197\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/dbry/WavPack/issues/33\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/Dec/37\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/3637-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4197\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
gsd-2018-10539
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-10539",
"description": "An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
"id": "GSD-2018-10539",
"references": [
"https://www.suse.com/security/cve/CVE-2018-10539.html",
"https://www.debian.org/security/2018/dsa-4197",
"https://ubuntu.com/security/CVE-2018-10539",
"https://advisories.mageia.org/CVE-2018-10539.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-10539"
],
"details": "An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
"id": "GSD-2018-10539",
"modified": "2023-12-13T01:22:41.201461Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10539",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dbry/WavPack/issues/33",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/issues/33"
},
{
"name": "DSA-4197",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4197"
},
{
"name": "USN-3637-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3637-1/"
},
{
"name": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"name": "FEDORA-2020-e55567b6be",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:wavpack:wavpack:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10539"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dbry/WavPack/issues/33",
"refsource": "MISC",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/dbry/WavPack/issues/33"
},
{
"name": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d"
},
{
"name": "USN-3637-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3637-1/"
},
{
"name": "DSA-4197",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4197"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"refsource": "BUGTRAQ",
"tags": [],
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
"refsource": "MISC",
"tags": [],
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"name": "FEDORA-2020-e55567b6be",
"refsource": "FEDORA",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"refsource": "FEDORA",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2019-12-20T10:15Z",
"publishedDate": "2018-04-29T15:29Z"
}
}
}
opensuse-su-2021:0154-1
Vulnerability from csaf_opensuse
Published
2021-01-24 17:22
Modified
2021-01-24 17:22
Summary
Security update for wavpack
Notes
Title of the patch
Security update for wavpack
Description of the patch
This update for wavpack fixes the following issues:
- Update to version 5.4.0
* CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414)
* fixed: disable A32 asm code when building for Apple silicon
* fixed: issues with Adobe-style floating-point WAV files
* added: --normalize-floats option to wvunpack for correctly
exporting un-normalized floating-point files
- Update to version 5.3.0
* fixed: OSS-Fuzz issues 19925, 19928, 20060, 20448
* fixed: trailing garbage characters on imported ID3v2 TXXX tags
* fixed: various minor undefined behavior and memory access issues
* fixed: sanitize tag extraction names for length and path inclusion
* improved: reformat wvunpack 'help' and split into long + short versions
* added: regression testing to Travis CI for OSS-Fuzz crashers
- Updated to version 5.2.0
*fixed: potential security issues including the following CVEs:
CVE-2018-19840, CVE-2018-19841, CVE-2018-10536 (bsc#1091344),
CVE-2018-10537 (bsc#1091343) CVE-2018-10538 (bsc#1091342),
CVE-2018-10539 (bsc#1091341), CVE-2018-10540 (bsc#1091340),
CVE-2018-7254, CVE-2018-7253, CVE-2018-6767, CVE-2019-11498
and CVE-2019-1010319
* added: support for CMake, Travis CI, and Google's OSS-fuzz
* fixed: use correction file for encode verify (pipe input, Windows)
* fixed: correct WAV header with actual length (pipe input, -i option)
* fixed: thumb interworking and not needing v6 architecture (ARM asm)
* added: handle more ID3v2.3 tag items and from all file types
* fixed: coredump on Sparc64 (changed MD5 implementation)
* fixed: handle invalid ID3v2.3 tags from sacd-ripper
* fixed: several corner-case memory leaks
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2021-154
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for wavpack",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for wavpack fixes the following issues:\n\n- Update to version 5.4.0\n * CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414) \n * fixed: disable A32 asm code when building for Apple silicon\n * fixed: issues with Adobe-style floating-point WAV files\n * added: --normalize-floats option to wvunpack for correctly\n exporting un-normalized floating-point files\n- Update to version 5.3.0 \n * fixed: OSS-Fuzz issues 19925, 19928, 20060, 20448\n * fixed: trailing garbage characters on imported ID3v2 TXXX tags\n * fixed: various minor undefined behavior and memory access issues\n * fixed: sanitize tag extraction names for length and path inclusion\n * improved: reformat wvunpack \u0027help\u0027 and split into long + short versions\n * added: regression testing to Travis CI for OSS-Fuzz crashers\n- Updated to version 5.2.0 \n *fixed: potential security issues including the following CVEs:\n CVE-2018-19840, CVE-2018-19841, CVE-2018-10536 (bsc#1091344),\n CVE-2018-10537 (bsc#1091343) CVE-2018-10538 (bsc#1091342), \n CVE-2018-10539 (bsc#1091341), CVE-2018-10540 (bsc#1091340), \n CVE-2018-7254, CVE-2018-7253, CVE-2018-6767, CVE-2019-11498 \n and CVE-2019-1010319\n * added: support for CMake, Travis CI, and Google\u0027s OSS-fuzz\n * fixed: use correction file for encode verify (pipe input, Windows)\n * fixed: correct WAV header with actual length (pipe input, -i option)\n * fixed: thumb interworking and not needing v6 architecture (ARM asm)\n * added: handle more ID3v2.3 tag items and from all file types\n * fixed: coredump on Sparc64 (changed MD5 implementation)\n * fixed: handle invalid ID3v2.3 tags from sacd-ripper\n * fixed: several corner-case memory leaks\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-154",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0154-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:0154-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FD5IPNZ6LGJLORJOQVT3MAHBWF3ORQPT/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:0154-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FD5IPNZ6LGJLORJOQVT3MAHBWF3ORQPT/"
},
{
"category": "self",
"summary": "SUSE Bug 1091340",
"url": "https://bugzilla.suse.com/1091340"
},
{
"category": "self",
"summary": "SUSE Bug 1091341",
"url": "https://bugzilla.suse.com/1091341"
},
{
"category": "self",
"summary": "SUSE Bug 1091342",
"url": "https://bugzilla.suse.com/1091342"
},
{
"category": "self",
"summary": "SUSE Bug 1091343",
"url": "https://bugzilla.suse.com/1091343"
},
{
"category": "self",
"summary": "SUSE Bug 1091344",
"url": "https://bugzilla.suse.com/1091344"
},
{
"category": "self",
"summary": "SUSE Bug 1180414",
"url": "https://bugzilla.suse.com/1180414"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10536 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10536/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10537 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10537/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10538 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10538/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10539 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10540 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10540/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19840 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19841 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6767 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7253 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7253/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7254 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7254/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1010319 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1010319/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11498 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11498/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35738 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35738/"
}
],
"title": "Security update for wavpack",
"tracking": {
"current_release_date": "2021-01-24T17:22:08Z",
"generator": {
"date": "2021-01-24T17:22:08Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:0154-1",
"initial_release_date": "2021-01-24T17:22:08Z",
"revision_history": [
{
"date": "2021-01-24T17:22:08Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libwavpack1-5.4.0-lp151.5.6.1.i586",
"product": {
"name": "libwavpack1-5.4.0-lp151.5.6.1.i586",
"product_id": "libwavpack1-5.4.0-lp151.5.6.1.i586"
}
},
{
"category": "product_version",
"name": "wavpack-5.4.0-lp151.5.6.1.i586",
"product": {
"name": "wavpack-5.4.0-lp151.5.6.1.i586",
"product_id": "wavpack-5.4.0-lp151.5.6.1.i586"
}
},
{
"category": "product_version",
"name": "wavpack-devel-5.4.0-lp151.5.6.1.i586",
"product": {
"name": "wavpack-devel-5.4.0-lp151.5.6.1.i586",
"product_id": "wavpack-devel-5.4.0-lp151.5.6.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"product": {
"name": "libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"product_id": "libwavpack1-5.4.0-lp151.5.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"product": {
"name": "libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"product_id": "libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "wavpack-5.4.0-lp151.5.6.1.x86_64",
"product": {
"name": "wavpack-5.4.0-lp151.5.6.1.x86_64",
"product_id": "wavpack-5.4.0-lp151.5.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "wavpack-devel-5.4.0-lp151.5.6.1.x86_64",
"product": {
"name": "wavpack-devel-5.4.0-lp151.5.6.1.x86_64",
"product_id": "wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-lp151.5.6.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586"
},
"product_reference": "libwavpack1-5.4.0-lp151.5.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-lp151.5.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64"
},
"product_reference": "libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-lp151.5.6.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586"
},
"product_reference": "wavpack-5.4.0-lp151.5.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-lp151.5.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64"
},
"product_reference": "wavpack-5.4.0-lp151.5.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-lp151.5.6.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586"
},
"product_reference": "wavpack-devel-5.4.0-lp151.5.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-lp151.5.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
},
"product_reference": "wavpack-devel-5.4.0-lp151.5.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10536",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10536"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10536",
"url": "https://www.suse.com/security/cve/CVE-2018-10536"
},
{
"category": "external",
"summary": "SUSE Bug 1091344 for CVE-2018-10536",
"url": "https://bugzilla.suse.com/1091344"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:08Z",
"details": "important"
}
],
"title": "CVE-2018-10536"
},
{
"cve": "CVE-2018-10537",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10537"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10537",
"url": "https://www.suse.com/security/cve/CVE-2018-10537"
},
{
"category": "external",
"summary": "SUSE Bug 1091343 for CVE-2018-10537",
"url": "https://bugzilla.suse.com/1091343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:08Z",
"details": "important"
}
],
"title": "CVE-2018-10537"
},
{
"cve": "CVE-2018-10538",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10538"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10538",
"url": "https://www.suse.com/security/cve/CVE-2018-10538"
},
{
"category": "external",
"summary": "SUSE Bug 1091342 for CVE-2018-10538",
"url": "https://bugzilla.suse.com/1091342"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:08Z",
"details": "moderate"
}
],
"title": "CVE-2018-10538"
},
{
"cve": "CVE-2018-10539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10539"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10539",
"url": "https://www.suse.com/security/cve/CVE-2018-10539"
},
{
"category": "external",
"summary": "SUSE Bug 1091341 for CVE-2018-10539",
"url": "https://bugzilla.suse.com/1091341"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:08Z",
"details": "moderate"
}
],
"title": "CVE-2018-10539"
},
{
"cve": "CVE-2018-10540",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10540"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10540",
"url": "https://www.suse.com/security/cve/CVE-2018-10540"
},
{
"category": "external",
"summary": "SUSE Bug 1091340 for CVE-2018-10540",
"url": "https://bugzilla.suse.com/1091340"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:08Z",
"details": "moderate"
}
],
"title": "CVE-2018-10540"
},
{
"cve": "CVE-2018-19840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19840"
}
],
"notes": [
{
"category": "general",
"text": "The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19840",
"url": "https://www.suse.com/security/cve/CVE-2018-19840"
},
{
"category": "external",
"summary": "SUSE Bug 1120930 for CVE-2018-19840",
"url": "https://bugzilla.suse.com/1120930"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:08Z",
"details": "low"
}
],
"title": "CVE-2018-19840"
},
{
"cve": "CVE-2018-19841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19841"
}
],
"notes": [
{
"category": "general",
"text": "The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19841",
"url": "https://www.suse.com/security/cve/CVE-2018-19841"
},
{
"category": "external",
"summary": "SUSE Bug 1120929 for CVE-2018-19841",
"url": "https://bugzilla.suse.com/1120929"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:08Z",
"details": "low"
}
],
"title": "CVE-2018-19841"
},
{
"cve": "CVE-2018-6767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6767"
}
],
"notes": [
{
"category": "general",
"text": "A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6767",
"url": "https://www.suse.com/security/cve/CVE-2018-6767"
},
{
"category": "external",
"summary": "SUSE Bug 1079746 for CVE-2018-6767",
"url": "https://bugzilla.suse.com/1079746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:08Z",
"details": "important"
}
],
"title": "CVE-2018-6767"
},
{
"cve": "CVE-2018-7253",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7253"
}
],
"notes": [
{
"category": "general",
"text": "The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7253",
"url": "https://www.suse.com/security/cve/CVE-2018-7253"
},
{
"category": "external",
"summary": "SUSE Bug 1081692 for CVE-2018-7253",
"url": "https://bugzilla.suse.com/1081692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:08Z",
"details": "moderate"
}
],
"title": "CVE-2018-7253"
},
{
"cve": "CVE-2018-7254",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7254"
}
],
"notes": [
{
"category": "general",
"text": "The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7254",
"url": "https://www.suse.com/security/cve/CVE-2018-7254"
},
{
"category": "external",
"summary": "SUSE Bug 1081693 for CVE-2018-7254",
"url": "https://bugzilla.suse.com/1081693"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:08Z",
"details": "low"
}
],
"title": "CVE-2018-7254"
},
{
"cve": "CVE-2019-1010319",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1010319"
}
],
"notes": [
{
"category": "general",
"text": "WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1010319",
"url": "https://www.suse.com/security/cve/CVE-2019-1010319"
},
{
"category": "external",
"summary": "SUSE Bug 1141334 for CVE-2019-1010319",
"url": "https://bugzilla.suse.com/1141334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:08Z",
"details": "moderate"
}
],
"title": "CVE-2019-1010319"
},
{
"cve": "CVE-2019-11498",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11498"
}
],
"notes": [
{
"category": "general",
"text": "WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a \"Conditional jump or move depends on uninitialised value\" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11498",
"url": "https://www.suse.com/security/cve/CVE-2019-11498"
},
{
"category": "external",
"summary": "SUSE Bug 1133384 for CVE-2019-11498",
"url": "https://bugzilla.suse.com/1133384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:08Z",
"details": "low"
}
],
"title": "CVE-2019-11498"
},
{
"cve": "CVE-2020-35738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35738"
}
],
"notes": [
{
"category": "general",
"text": "WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later \"unofficial\" releases through 5.3.2, which are also affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35738",
"url": "https://www.suse.com/security/cve/CVE-2020-35738"
},
{
"category": "external",
"summary": "SUSE Bug 1180414 for CVE-2020-35738",
"url": "https://bugzilla.suse.com/1180414"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:08Z",
"details": "important"
}
],
"title": "CVE-2020-35738"
}
]
}
opensuse-su-2021:0153-1
Vulnerability from csaf_opensuse
Published
2021-01-24 17:22
Modified
2021-01-24 17:22
Summary
Security update for wavpack
Notes
Title of the patch
Security update for wavpack
Description of the patch
This update for wavpack fixes the following issues:
- Update to version 5.4.0
* CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414)
* fixed: disable A32 asm code when building for Apple silicon
* fixed: issues with Adobe-style floating-point WAV files
* added: --normalize-floats option to wvunpack for correctly
exporting un-normalized floating-point files
- Update to version 5.3.0
* fixed: OSS-Fuzz issues 19925, 19928, 20060, 20448
* fixed: trailing garbage characters on imported ID3v2 TXXX tags
* fixed: various minor undefined behavior and memory access issues
* fixed: sanitize tag extraction names for length and path inclusion
* improved: reformat wvunpack 'help' and split into long + short versions
* added: regression testing to Travis CI for OSS-Fuzz crashers
- Updated to version 5.2.0
*fixed: potential security issues including the following CVEs:
CVE-2018-19840, CVE-2018-19841, CVE-2018-10536 (bsc#1091344),
CVE-2018-10537 (bsc#1091343) CVE-2018-10538 (bsc#1091342),
CVE-2018-10539 (bsc#1091341), CVE-2018-10540 (bsc#1091340),
CVE-2018-7254, CVE-2018-7253, CVE-2018-6767, CVE-2019-11498
and CVE-2019-1010319
* added: support for CMake, Travis CI, and Google's OSS-fuzz
* fixed: use correction file for encode verify (pipe input, Windows)
* fixed: correct WAV header with actual length (pipe input, -i option)
* fixed: thumb interworking and not needing v6 architecture (ARM asm)
* added: handle more ID3v2.3 tag items and from all file types
* fixed: coredump on Sparc64 (changed MD5 implementation)
* fixed: handle invalid ID3v2.3 tags from sacd-ripper
* fixed: several corner-case memory leaks
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2021-153
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for wavpack",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for wavpack fixes the following issues:\n\n- Update to version 5.4.0\n * CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414) \n * fixed: disable A32 asm code when building for Apple silicon\n * fixed: issues with Adobe-style floating-point WAV files\n * added: --normalize-floats option to wvunpack for correctly\n exporting un-normalized floating-point files\n- Update to version 5.3.0 \n * fixed: OSS-Fuzz issues 19925, 19928, 20060, 20448\n * fixed: trailing garbage characters on imported ID3v2 TXXX tags\n * fixed: various minor undefined behavior and memory access issues\n * fixed: sanitize tag extraction names for length and path inclusion\n * improved: reformat wvunpack \u0027help\u0027 and split into long + short versions\n * added: regression testing to Travis CI for OSS-Fuzz crashers\n- Updated to version 5.2.0 \n *fixed: potential security issues including the following CVEs:\n CVE-2018-19840, CVE-2018-19841, CVE-2018-10536 (bsc#1091344),\n CVE-2018-10537 (bsc#1091343) CVE-2018-10538 (bsc#1091342), \n CVE-2018-10539 (bsc#1091341), CVE-2018-10540 (bsc#1091340), \n CVE-2018-7254, CVE-2018-7253, CVE-2018-6767, CVE-2019-11498 \n and CVE-2019-1010319\n * added: support for CMake, Travis CI, and Google\u0027s OSS-fuzz\n * fixed: use correction file for encode verify (pipe input, Windows)\n * fixed: correct WAV header with actual length (pipe input, -i option)\n * fixed: thumb interworking and not needing v6 architecture (ARM asm)\n * added: handle more ID3v2.3 tag items and from all file types\n * fixed: coredump on Sparc64 (changed MD5 implementation)\n * fixed: handle invalid ID3v2.3 tags from sacd-ripper\n * fixed: several corner-case memory leaks\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-153",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0153-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:0153-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EK4DH6BBB2WPBM677O7MFUOO5UBKUW37/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:0153-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EK4DH6BBB2WPBM677O7MFUOO5UBKUW37/"
},
{
"category": "self",
"summary": "SUSE Bug 1091340",
"url": "https://bugzilla.suse.com/1091340"
},
{
"category": "self",
"summary": "SUSE Bug 1091341",
"url": "https://bugzilla.suse.com/1091341"
},
{
"category": "self",
"summary": "SUSE Bug 1091342",
"url": "https://bugzilla.suse.com/1091342"
},
{
"category": "self",
"summary": "SUSE Bug 1091343",
"url": "https://bugzilla.suse.com/1091343"
},
{
"category": "self",
"summary": "SUSE Bug 1091344",
"url": "https://bugzilla.suse.com/1091344"
},
{
"category": "self",
"summary": "SUSE Bug 1180414",
"url": "https://bugzilla.suse.com/1180414"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10536 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10536/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10537 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10537/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10538 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10538/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10539 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10540 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10540/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19840 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19841 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6767 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7253 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7253/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7254 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7254/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1010319 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1010319/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11498 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11498/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35738 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35738/"
}
],
"title": "Security update for wavpack",
"tracking": {
"current_release_date": "2021-01-24T17:22:03Z",
"generator": {
"date": "2021-01-24T17:22:03Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:0153-1",
"initial_release_date": "2021-01-24T17:22:03Z",
"revision_history": [
{
"date": "2021-01-24T17:22:03Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libwavpack1-5.4.0-lp152.7.3.1.i586",
"product": {
"name": "libwavpack1-5.4.0-lp152.7.3.1.i586",
"product_id": "libwavpack1-5.4.0-lp152.7.3.1.i586"
}
},
{
"category": "product_version",
"name": "wavpack-5.4.0-lp152.7.3.1.i586",
"product": {
"name": "wavpack-5.4.0-lp152.7.3.1.i586",
"product_id": "wavpack-5.4.0-lp152.7.3.1.i586"
}
},
{
"category": "product_version",
"name": "wavpack-devel-5.4.0-lp152.7.3.1.i586",
"product": {
"name": "wavpack-devel-5.4.0-lp152.7.3.1.i586",
"product_id": "wavpack-devel-5.4.0-lp152.7.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"product": {
"name": "libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"product_id": "libwavpack1-5.4.0-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"product": {
"name": "libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"product_id": "libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "wavpack-5.4.0-lp152.7.3.1.x86_64",
"product": {
"name": "wavpack-5.4.0-lp152.7.3.1.x86_64",
"product_id": "wavpack-5.4.0-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "wavpack-devel-5.4.0-lp152.7.3.1.x86_64",
"product": {
"name": "wavpack-devel-5.4.0-lp152.7.3.1.x86_64",
"product_id": "wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-lp152.7.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586"
},
"product_reference": "libwavpack1-5.4.0-lp152.7.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64"
},
"product_reference": "libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-lp152.7.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586"
},
"product_reference": "wavpack-5.4.0-lp152.7.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64"
},
"product_reference": "wavpack-5.4.0-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-lp152.7.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586"
},
"product_reference": "wavpack-devel-5.4.0-lp152.7.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
},
"product_reference": "wavpack-devel-5.4.0-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10536",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10536"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10536",
"url": "https://www.suse.com/security/cve/CVE-2018-10536"
},
{
"category": "external",
"summary": "SUSE Bug 1091344 for CVE-2018-10536",
"url": "https://bugzilla.suse.com/1091344"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:03Z",
"details": "important"
}
],
"title": "CVE-2018-10536"
},
{
"cve": "CVE-2018-10537",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10537"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10537",
"url": "https://www.suse.com/security/cve/CVE-2018-10537"
},
{
"category": "external",
"summary": "SUSE Bug 1091343 for CVE-2018-10537",
"url": "https://bugzilla.suse.com/1091343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:03Z",
"details": "important"
}
],
"title": "CVE-2018-10537"
},
{
"cve": "CVE-2018-10538",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10538"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10538",
"url": "https://www.suse.com/security/cve/CVE-2018-10538"
},
{
"category": "external",
"summary": "SUSE Bug 1091342 for CVE-2018-10538",
"url": "https://bugzilla.suse.com/1091342"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:03Z",
"details": "moderate"
}
],
"title": "CVE-2018-10538"
},
{
"cve": "CVE-2018-10539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10539"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10539",
"url": "https://www.suse.com/security/cve/CVE-2018-10539"
},
{
"category": "external",
"summary": "SUSE Bug 1091341 for CVE-2018-10539",
"url": "https://bugzilla.suse.com/1091341"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:03Z",
"details": "moderate"
}
],
"title": "CVE-2018-10539"
},
{
"cve": "CVE-2018-10540",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10540"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10540",
"url": "https://www.suse.com/security/cve/CVE-2018-10540"
},
{
"category": "external",
"summary": "SUSE Bug 1091340 for CVE-2018-10540",
"url": "https://bugzilla.suse.com/1091340"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:03Z",
"details": "moderate"
}
],
"title": "CVE-2018-10540"
},
{
"cve": "CVE-2018-19840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19840"
}
],
"notes": [
{
"category": "general",
"text": "The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19840",
"url": "https://www.suse.com/security/cve/CVE-2018-19840"
},
{
"category": "external",
"summary": "SUSE Bug 1120930 for CVE-2018-19840",
"url": "https://bugzilla.suse.com/1120930"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:03Z",
"details": "low"
}
],
"title": "CVE-2018-19840"
},
{
"cve": "CVE-2018-19841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19841"
}
],
"notes": [
{
"category": "general",
"text": "The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19841",
"url": "https://www.suse.com/security/cve/CVE-2018-19841"
},
{
"category": "external",
"summary": "SUSE Bug 1120929 for CVE-2018-19841",
"url": "https://bugzilla.suse.com/1120929"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:03Z",
"details": "low"
}
],
"title": "CVE-2018-19841"
},
{
"cve": "CVE-2018-6767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6767"
}
],
"notes": [
{
"category": "general",
"text": "A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6767",
"url": "https://www.suse.com/security/cve/CVE-2018-6767"
},
{
"category": "external",
"summary": "SUSE Bug 1079746 for CVE-2018-6767",
"url": "https://bugzilla.suse.com/1079746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:03Z",
"details": "important"
}
],
"title": "CVE-2018-6767"
},
{
"cve": "CVE-2018-7253",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7253"
}
],
"notes": [
{
"category": "general",
"text": "The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7253",
"url": "https://www.suse.com/security/cve/CVE-2018-7253"
},
{
"category": "external",
"summary": "SUSE Bug 1081692 for CVE-2018-7253",
"url": "https://bugzilla.suse.com/1081692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:03Z",
"details": "moderate"
}
],
"title": "CVE-2018-7253"
},
{
"cve": "CVE-2018-7254",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7254"
}
],
"notes": [
{
"category": "general",
"text": "The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7254",
"url": "https://www.suse.com/security/cve/CVE-2018-7254"
},
{
"category": "external",
"summary": "SUSE Bug 1081693 for CVE-2018-7254",
"url": "https://bugzilla.suse.com/1081693"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:03Z",
"details": "low"
}
],
"title": "CVE-2018-7254"
},
{
"cve": "CVE-2019-1010319",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1010319"
}
],
"notes": [
{
"category": "general",
"text": "WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1010319",
"url": "https://www.suse.com/security/cve/CVE-2019-1010319"
},
{
"category": "external",
"summary": "SUSE Bug 1141334 for CVE-2019-1010319",
"url": "https://bugzilla.suse.com/1141334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:03Z",
"details": "moderate"
}
],
"title": "CVE-2019-1010319"
},
{
"cve": "CVE-2019-11498",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11498"
}
],
"notes": [
{
"category": "general",
"text": "WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a \"Conditional jump or move depends on uninitialised value\" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11498",
"url": "https://www.suse.com/security/cve/CVE-2019-11498"
},
{
"category": "external",
"summary": "SUSE Bug 1133384 for CVE-2019-11498",
"url": "https://bugzilla.suse.com/1133384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:03Z",
"details": "low"
}
],
"title": "CVE-2019-11498"
},
{
"cve": "CVE-2020-35738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35738"
}
],
"notes": [
{
"category": "general",
"text": "WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later \"unofficial\" releases through 5.3.2, which are also affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35738",
"url": "https://www.suse.com/security/cve/CVE-2020-35738"
},
{
"category": "external",
"summary": "SUSE Bug 1180414 for CVE-2020-35738",
"url": "https://bugzilla.suse.com/1180414"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:03Z",
"details": "important"
}
],
"title": "CVE-2020-35738"
}
]
}
suse-su-2021:0186-1
Vulnerability from csaf_suse
Published
2021-01-21 13:56
Modified
2021-01-21 13:56
Summary
Security update for wavpack
Notes
Title of the patch
Security update for wavpack
Description of the patch
This update for wavpack fixes the following issues:
- Update to version 5.4.0
* CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414)
* fixed: disable A32 asm code when building for Apple silicon
* fixed: issues with Adobe-style floating-point WAV files
* added: --normalize-floats option to wvunpack for correctly
exporting un-normalized floating-point files
- Update to version 5.3.0
* fixed: OSS-Fuzz issues 19925, 19928, 20060, 20448
* fixed: trailing garbage characters on imported ID3v2 TXXX tags
* fixed: various minor undefined behavior and memory access issues
* fixed: sanitize tag extraction names for length and path inclusion
* improved: reformat wvunpack 'help' and split into long + short versions
* added: regression testing to Travis CI for OSS-Fuzz crashers
- Updated to version 5.2.0
*fixed: potential security issues including the following CVEs:
CVE-2018-19840, CVE-2018-19841, CVE-2018-10536 (bsc#1091344),
CVE-2018-10537 (bsc#1091343) CVE-2018-10538 (bsc#1091342),
CVE-2018-10539 (bsc#1091341), CVE-2018-10540 (bsc#1091340),
CVE-2018-7254, CVE-2018-7253, CVE-2018-6767, CVE-2019-11498
and CVE-2019-1010319
* added: support for CMake, Travis CI, and Google's OSS-fuzz
* fixed: use correction file for encode verify (pipe input, Windows)
* fixed: correct WAV header with actual length (pipe input, -i option)
* fixed: thumb interworking and not needing v6 architecture (ARM asm)
* added: handle more ID3v2.3 tag items and from all file types
* fixed: coredump on Sparc64 (changed MD5 implementation)
* fixed: handle invalid ID3v2.3 tags from sacd-ripper
* fixed: several corner-case memory leaks
Patchnames
SUSE-2021-186,SUSE-SLE-Module-Basesystem-15-SP2-2021-186,SUSE-SLE-Module-Basesystem-15-SP3-2021-186,SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-186,SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-186,SUSE-SLE-Product-HPC-15-2021-186,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-186,SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-186,SUSE-SLE-Product-SLES-15-2021-186,SUSE-SLE-Product-SLES-15-SP1-BCL-2021-186,SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-186,SUSE-SLE-Product-SLES_SAP-15-2021-186,SUSE-SLE-Product-SLES_SAP-15-SP1-2021-186,SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-186,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-186,SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-186,SUSE-Storage-6-2021-186
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for wavpack",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for wavpack fixes the following issues:\n\n- Update to version 5.4.0\n * CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414) \n * fixed: disable A32 asm code when building for Apple silicon\n * fixed: issues with Adobe-style floating-point WAV files\n * added: --normalize-floats option to wvunpack for correctly\n exporting un-normalized floating-point files\n- Update to version 5.3.0 \n * fixed: OSS-Fuzz issues 19925, 19928, 20060, 20448\n * fixed: trailing garbage characters on imported ID3v2 TXXX tags\n * fixed: various minor undefined behavior and memory access issues\n * fixed: sanitize tag extraction names for length and path inclusion\n * improved: reformat wvunpack \u0027help\u0027 and split into long + short versions\n * added: regression testing to Travis CI for OSS-Fuzz crashers\n- Updated to version 5.2.0 \n *fixed: potential security issues including the following CVEs:\n CVE-2018-19840, CVE-2018-19841, CVE-2018-10536 (bsc#1091344),\n CVE-2018-10537 (bsc#1091343) CVE-2018-10538 (bsc#1091342), \n CVE-2018-10539 (bsc#1091341), CVE-2018-10540 (bsc#1091340), \n CVE-2018-7254, CVE-2018-7253, CVE-2018-6767, CVE-2019-11498 \n and CVE-2019-1010319\n * added: support for CMake, Travis CI, and Google\u0027s OSS-fuzz\n * fixed: use correction file for encode verify (pipe input, Windows)\n * fixed: correct WAV header with actual length (pipe input, -i option)\n * fixed: thumb interworking and not needing v6 architecture (ARM asm)\n * added: handle more ID3v2.3 tag items and from all file types\n * fixed: coredump on Sparc64 (changed MD5 implementation)\n * fixed: handle invalid ID3v2.3 tags from sacd-ripper\n * fixed: several corner-case memory leaks\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-186,SUSE-SLE-Module-Basesystem-15-SP2-2021-186,SUSE-SLE-Module-Basesystem-15-SP3-2021-186,SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-186,SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-186,SUSE-SLE-Product-HPC-15-2021-186,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-186,SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-186,SUSE-SLE-Product-SLES-15-2021-186,SUSE-SLE-Product-SLES-15-SP1-BCL-2021-186,SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-186,SUSE-SLE-Product-SLES_SAP-15-2021-186,SUSE-SLE-Product-SLES_SAP-15-SP1-2021-186,SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-186,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-186,SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-186,SUSE-Storage-6-2021-186",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_0186-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:0186-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20210186-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:0186-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-January/008234.html"
},
{
"category": "self",
"summary": "SUSE Bug 1091340",
"url": "https://bugzilla.suse.com/1091340"
},
{
"category": "self",
"summary": "SUSE Bug 1091341",
"url": "https://bugzilla.suse.com/1091341"
},
{
"category": "self",
"summary": "SUSE Bug 1091342",
"url": "https://bugzilla.suse.com/1091342"
},
{
"category": "self",
"summary": "SUSE Bug 1091343",
"url": "https://bugzilla.suse.com/1091343"
},
{
"category": "self",
"summary": "SUSE Bug 1091344",
"url": "https://bugzilla.suse.com/1091344"
},
{
"category": "self",
"summary": "SUSE Bug 1180414",
"url": "https://bugzilla.suse.com/1180414"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10536 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10536/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10537 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10537/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10538 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10538/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10539 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10540 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10540/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19840 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19841 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6767 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7253 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7253/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7254 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7254/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1010319 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1010319/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11498 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11498/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35738 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35738/"
}
],
"title": "Security update for wavpack",
"tracking": {
"current_release_date": "2021-01-21T13:56:16Z",
"generator": {
"date": "2021-01-21T13:56:16Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:0186-1",
"initial_release_date": "2021-01-21T13:56:16Z",
"revision_history": [
{
"date": "2021-01-21T13:56:16Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libwavpack1-5.4.0-4.9.1.aarch64",
"product": {
"name": "libwavpack1-5.4.0-4.9.1.aarch64",
"product_id": "libwavpack1-5.4.0-4.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "wavpack-5.4.0-4.9.1.aarch64",
"product": {
"name": "wavpack-5.4.0-4.9.1.aarch64",
"product_id": "wavpack-5.4.0-4.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "wavpack-devel-5.4.0-4.9.1.aarch64",
"product": {
"name": "wavpack-devel-5.4.0-4.9.1.aarch64",
"product_id": "wavpack-devel-5.4.0-4.9.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libwavpack1-64bit-5.4.0-4.9.1.aarch64_ilp32",
"product": {
"name": "libwavpack1-64bit-5.4.0-4.9.1.aarch64_ilp32",
"product_id": "libwavpack1-64bit-5.4.0-4.9.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libwavpack1-5.4.0-4.9.1.i586",
"product": {
"name": "libwavpack1-5.4.0-4.9.1.i586",
"product_id": "libwavpack1-5.4.0-4.9.1.i586"
}
},
{
"category": "product_version",
"name": "wavpack-5.4.0-4.9.1.i586",
"product": {
"name": "wavpack-5.4.0-4.9.1.i586",
"product_id": "wavpack-5.4.0-4.9.1.i586"
}
},
{
"category": "product_version",
"name": "wavpack-devel-5.4.0-4.9.1.i586",
"product": {
"name": "wavpack-devel-5.4.0-4.9.1.i586",
"product_id": "wavpack-devel-5.4.0-4.9.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libwavpack1-5.4.0-4.9.1.ppc64le",
"product": {
"name": "libwavpack1-5.4.0-4.9.1.ppc64le",
"product_id": "libwavpack1-5.4.0-4.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "wavpack-5.4.0-4.9.1.ppc64le",
"product": {
"name": "wavpack-5.4.0-4.9.1.ppc64le",
"product_id": "wavpack-5.4.0-4.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "wavpack-devel-5.4.0-4.9.1.ppc64le",
"product": {
"name": "wavpack-devel-5.4.0-4.9.1.ppc64le",
"product_id": "wavpack-devel-5.4.0-4.9.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libwavpack1-5.4.0-4.9.1.s390x",
"product": {
"name": "libwavpack1-5.4.0-4.9.1.s390x",
"product_id": "libwavpack1-5.4.0-4.9.1.s390x"
}
},
{
"category": "product_version",
"name": "wavpack-5.4.0-4.9.1.s390x",
"product": {
"name": "wavpack-5.4.0-4.9.1.s390x",
"product_id": "wavpack-5.4.0-4.9.1.s390x"
}
},
{
"category": "product_version",
"name": "wavpack-devel-5.4.0-4.9.1.s390x",
"product": {
"name": "wavpack-devel-5.4.0-4.9.1.s390x",
"product_id": "wavpack-devel-5.4.0-4.9.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libwavpack1-5.4.0-4.9.1.x86_64",
"product": {
"name": "libwavpack1-5.4.0-4.9.1.x86_64",
"product_id": "libwavpack1-5.4.0-4.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libwavpack1-32bit-5.4.0-4.9.1.x86_64",
"product": {
"name": "libwavpack1-32bit-5.4.0-4.9.1.x86_64",
"product_id": "libwavpack1-32bit-5.4.0-4.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "wavpack-5.4.0-4.9.1.x86_64",
"product": {
"name": "wavpack-5.4.0-4.9.1.x86_64",
"product_id": "wavpack-5.4.0-4.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "wavpack-devel-5.4.0-4.9.1.x86_64",
"product": {
"name": "wavpack-devel-5.4.0-4.9.1.x86_64",
"product_id": "wavpack-devel-5.4.0-4.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-desktop-applications:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_bcl:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.0",
"product": {
"name": "SUSE Manager Proxy 4.0",
"product_id": "SUSE Manager Proxy 4.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Retail Branch Server 4.0",
"product": {
"name": "SUSE Manager Retail Branch Server 4.0",
"product_id": "SUSE Manager Retail Branch Server 4.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-retail-branch-server:4.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.0",
"product": {
"name": "SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 6",
"product": {
"name": "SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64"
},
"product_reference": "wavpack-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le"
},
"product_reference": "wavpack-5.4.0-4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x"
},
"product_reference": "wavpack-5.4.0-4.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64"
},
"product_reference": "wavpack-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64"
},
"product_reference": "wavpack-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64"
},
"product_reference": "wavpack-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le"
},
"product_reference": "wavpack-5.4.0-4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x"
},
"product_reference": "wavpack-5.4.0-4.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le"
},
"product_reference": "wavpack-5.4.0-4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Manager Proxy 4.0",
"product_id": "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.x86_64 as component of SUSE Manager Proxy 4.0",
"product_id": "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.x86_64 as component of SUSE Manager Proxy 4.0",
"product_id": "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Manager Retail Branch Server 4.0",
"product_id": "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.x86_64 as component of SUSE Manager Retail Branch Server 4.0",
"product_id": "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.x86_64 as component of SUSE Manager Retail Branch Server 4.0",
"product_id": "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.ppc64le as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.s390x as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.ppc64le as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le"
},
"product_reference": "wavpack-5.4.0-4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.s390x as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x"
},
"product_reference": "wavpack-5.4.0-4.9.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.x86_64 as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.ppc64le as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.s390x as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.x86_64 as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.aarch64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.aarch64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64"
},
"product_reference": "wavpack-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.aarch64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10536",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10536"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10536",
"url": "https://www.suse.com/security/cve/CVE-2018-10536"
},
{
"category": "external",
"summary": "SUSE Bug 1091344 for CVE-2018-10536",
"url": "https://bugzilla.suse.com/1091344"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-21T13:56:16Z",
"details": "important"
}
],
"title": "CVE-2018-10536"
},
{
"cve": "CVE-2018-10537",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10537"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10537",
"url": "https://www.suse.com/security/cve/CVE-2018-10537"
},
{
"category": "external",
"summary": "SUSE Bug 1091343 for CVE-2018-10537",
"url": "https://bugzilla.suse.com/1091343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-21T13:56:16Z",
"details": "important"
}
],
"title": "CVE-2018-10537"
},
{
"cve": "CVE-2018-10538",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10538"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10538",
"url": "https://www.suse.com/security/cve/CVE-2018-10538"
},
{
"category": "external",
"summary": "SUSE Bug 1091342 for CVE-2018-10538",
"url": "https://bugzilla.suse.com/1091342"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-21T13:56:16Z",
"details": "moderate"
}
],
"title": "CVE-2018-10538"
},
{
"cve": "CVE-2018-10539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10539"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10539",
"url": "https://www.suse.com/security/cve/CVE-2018-10539"
},
{
"category": "external",
"summary": "SUSE Bug 1091341 for CVE-2018-10539",
"url": "https://bugzilla.suse.com/1091341"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-21T13:56:16Z",
"details": "moderate"
}
],
"title": "CVE-2018-10539"
},
{
"cve": "CVE-2018-10540",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10540"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10540",
"url": "https://www.suse.com/security/cve/CVE-2018-10540"
},
{
"category": "external",
"summary": "SUSE Bug 1091340 for CVE-2018-10540",
"url": "https://bugzilla.suse.com/1091340"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-21T13:56:16Z",
"details": "moderate"
}
],
"title": "CVE-2018-10540"
},
{
"cve": "CVE-2018-19840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19840"
}
],
"notes": [
{
"category": "general",
"text": "The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19840",
"url": "https://www.suse.com/security/cve/CVE-2018-19840"
},
{
"category": "external",
"summary": "SUSE Bug 1120930 for CVE-2018-19840",
"url": "https://bugzilla.suse.com/1120930"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-21T13:56:16Z",
"details": "low"
}
],
"title": "CVE-2018-19840"
},
{
"cve": "CVE-2018-19841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19841"
}
],
"notes": [
{
"category": "general",
"text": "The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19841",
"url": "https://www.suse.com/security/cve/CVE-2018-19841"
},
{
"category": "external",
"summary": "SUSE Bug 1120929 for CVE-2018-19841",
"url": "https://bugzilla.suse.com/1120929"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-21T13:56:16Z",
"details": "low"
}
],
"title": "CVE-2018-19841"
},
{
"cve": "CVE-2018-6767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6767"
}
],
"notes": [
{
"category": "general",
"text": "A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6767",
"url": "https://www.suse.com/security/cve/CVE-2018-6767"
},
{
"category": "external",
"summary": "SUSE Bug 1079746 for CVE-2018-6767",
"url": "https://bugzilla.suse.com/1079746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-21T13:56:16Z",
"details": "important"
}
],
"title": "CVE-2018-6767"
},
{
"cve": "CVE-2018-7253",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7253"
}
],
"notes": [
{
"category": "general",
"text": "The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7253",
"url": "https://www.suse.com/security/cve/CVE-2018-7253"
},
{
"category": "external",
"summary": "SUSE Bug 1081692 for CVE-2018-7253",
"url": "https://bugzilla.suse.com/1081692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-21T13:56:16Z",
"details": "moderate"
}
],
"title": "CVE-2018-7253"
},
{
"cve": "CVE-2018-7254",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7254"
}
],
"notes": [
{
"category": "general",
"text": "The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7254",
"url": "https://www.suse.com/security/cve/CVE-2018-7254"
},
{
"category": "external",
"summary": "SUSE Bug 1081693 for CVE-2018-7254",
"url": "https://bugzilla.suse.com/1081693"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-21T13:56:16Z",
"details": "low"
}
],
"title": "CVE-2018-7254"
},
{
"cve": "CVE-2019-1010319",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1010319"
}
],
"notes": [
{
"category": "general",
"text": "WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1010319",
"url": "https://www.suse.com/security/cve/CVE-2019-1010319"
},
{
"category": "external",
"summary": "SUSE Bug 1141334 for CVE-2019-1010319",
"url": "https://bugzilla.suse.com/1141334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-21T13:56:16Z",
"details": "moderate"
}
],
"title": "CVE-2019-1010319"
},
{
"cve": "CVE-2019-11498",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11498"
}
],
"notes": [
{
"category": "general",
"text": "WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a \"Conditional jump or move depends on uninitialised value\" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11498",
"url": "https://www.suse.com/security/cve/CVE-2019-11498"
},
{
"category": "external",
"summary": "SUSE Bug 1133384 for CVE-2019-11498",
"url": "https://bugzilla.suse.com/1133384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-21T13:56:16Z",
"details": "low"
}
],
"title": "CVE-2019-11498"
},
{
"cve": "CVE-2020-35738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35738"
}
],
"notes": [
{
"category": "general",
"text": "WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later \"unofficial\" releases through 5.3.2, which are also affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35738",
"url": "https://www.suse.com/security/cve/CVE-2020-35738"
},
{
"category": "external",
"summary": "SUSE Bug 1180414 for CVE-2020-35738",
"url": "https://bugzilla.suse.com/1180414"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-21T13:56:16Z",
"details": "important"
}
],
"title": "CVE-2020-35738"
}
]
}
fkie_cve-2018-10539
Vulnerability from fkie_nvd
Published
2018-04-29 15:29
Modified
2024-11-21 03:41
Severity ?
Summary
An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html | ||
| cve@mitre.org | https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/dbry/WavPack/issues/33 | Exploit, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/ | ||
| cve@mitre.org | https://seclists.org/bugtraq/2019/Dec/37 | ||
| cve@mitre.org | https://usn.ubuntu.com/3637-1/ | Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2018/dsa-4197 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/dbry/WavPack/issues/33 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Dec/37 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3637-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4197 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wavpack | wavpack | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wavpack:wavpack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5AF1FF6-17E5-429C-8280-8215E7010571",
"versionEndIncluding": "5.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en WavPack 5.1.0 y anteriores para las entradas DSDiff. Pueden ocurrir escrituras fuera de l\u00edmites debido a que ParseDsdiffHeaderConfig en dsdiff.c no valida los tama\u00f1os de los fragmentos desconocidos antes de intentar asignar memoria. Esto se relaciona con la falta de protecci\u00f3n ante desbordamientos de enteros en un c\u00e1lculo bytes_to_copy y una subsecuente llamada malloc, lo que conduce a una asignaci\u00f3n de memoria insuficiente."
}
],
"id": "CVE-2018-10539",
"lastModified": "2024-11-21T03:41:31.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-29T15:29:00.570",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/dbry/WavPack/issues/33"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
},
{
"source": "cve@mitre.org",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3637-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/dbry/WavPack/issues/33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3637-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4197"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
ghsa-5wgx-vm65-xvp4
Vulnerability from github
Published
2022-05-13 01:29
Modified
2022-05-13 01:29
Severity ?
VLAI Severity ?
Details
An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.
{
"affected": [],
"aliases": [
"CVE-2018-10539"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-29T15:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
"id": "GHSA-5wgx-vm65-xvp4",
"modified": "2022-05-13T01:29:44Z",
"published": "2022-05-13T01:29:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10539"
},
{
"type": "WEB",
"url": "https://github.com/dbry/WavPack/issues/33"
},
{
"type": "WEB",
"url": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3637-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4197"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…