Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-10539 (GCVE-0-2018-10539)
Vulnerability from cvelistv5 – Published: 2018-04-29 15:00 – Updated: 2024-08-05 07:39
VLAI?
EPSS
Summary
An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:07.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/issues/33"
},
{
"name": "DSA-4197",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4197"
},
{
"name": "USN-3637-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3637-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"name": "FEDORA-2020-e55567b6be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-15T01:06:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/issues/33"
},
{
"name": "DSA-4197",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4197"
},
{
"name": "USN-3637-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3637-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"name": "FEDORA-2020-e55567b6be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10539",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dbry/WavPack/issues/33",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/issues/33"
},
{
"name": "DSA-4197",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4197"
},
{
"name": "USN-3637-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3637-1/"
},
{
"name": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"name": "FEDORA-2020-e55567b6be",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10539",
"datePublished": "2018-04-29T15:00:00",
"dateReserved": "2018-04-29T00:00:00",
"dateUpdated": "2024-08-05T07:39:07.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wavpack:wavpack:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.1.0\", \"matchCriteriaId\": \"A5AF1FF6-17E5-429C-8280-8215E7010571\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.\"}, {\"lang\": \"es\", \"value\": \"Se ha descubierto un problema en WavPack 5.1.0 y anteriores para las entradas DSDiff. Pueden ocurrir escrituras fuera de l\\u00edmites debido a que ParseDsdiffHeaderConfig en dsdiff.c no valida los tama\\u00f1os de los fragmentos desconocidos antes de intentar asignar memoria. Esto se relaciona con la falta de protecci\\u00f3n ante desbordamientos de enteros en un c\\u00e1lculo bytes_to_copy y una subsecuente llamada malloc, lo que conduce a una asignaci\\u00f3n de memoria insuficiente.\"}]",
"id": "CVE-2018-10539",
"lastModified": "2024-11-21T03:41:31.570",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:P\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2018-04-29T15:29:00.570",
"references": "[{\"url\": \"http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/dbry/WavPack/issues/33\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://seclists.org/bugtraq/2019/Dec/37\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://usn.ubuntu.com/3637-1/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4197\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/dbry/WavPack/issues/33\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://seclists.org/bugtraq/2019/Dec/37\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/3637-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4197\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-10539\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-04-29T15:29:00.570\",\"lastModified\":\"2024-11-21T03:41:31.570\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en WavPack 5.1.0 y anteriores para las entradas DSDiff. Pueden ocurrir escrituras fuera de l\u00edmites debido a que ParseDsdiffHeaderConfig en dsdiff.c no valida los tama\u00f1os de los fragmentos desconocidos antes de intentar asignar memoria. Esto se relaciona con la falta de protecci\u00f3n ante desbordamientos de enteros en un c\u00e1lculo bytes_to_copy y una subsecuente llamada malloc, lo que conduce a una asignaci\u00f3n de memoria insuficiente.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wavpack:wavpack:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.1.0\",\"matchCriteriaId\":\"A5AF1FF6-17E5-429C-8280-8215E7010571\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/dbry/WavPack/issues/33\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://seclists.org/bugtraq/2019/Dec/37\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/3637-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4197\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/dbry/WavPack/issues/33\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/Dec/37\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/3637-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4197\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
FKIE_CVE-2018-10539
Vulnerability from fkie_nvd - Published: 2018-04-29 15:29 - Updated: 2024-11-21 03:41
Severity ?
Summary
An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wavpack | wavpack | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wavpack:wavpack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5AF1FF6-17E5-429C-8280-8215E7010571",
"versionEndIncluding": "5.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en WavPack 5.1.0 y anteriores para las entradas DSDiff. Pueden ocurrir escrituras fuera de l\u00edmites debido a que ParseDsdiffHeaderConfig en dsdiff.c no valida los tama\u00f1os de los fragmentos desconocidos antes de intentar asignar memoria. Esto se relaciona con la falta de protecci\u00f3n ante desbordamientos de enteros en un c\u00e1lculo bytes_to_copy y una subsecuente llamada malloc, lo que conduce a una asignaci\u00f3n de memoria insuficiente."
}
],
"id": "CVE-2018-10539",
"lastModified": "2024-11-21T03:41:31.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-29T15:29:00.570",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/dbry/WavPack/issues/33"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
},
{
"source": "cve@mitre.org",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3637-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/dbry/WavPack/issues/33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3637-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4197"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CNVD-2018-10100
Vulnerability from cnvd - Published: 2018-05-23
VLAI Severity ?
Title
WavPack越界写入漏洞(CNVD-2018-10100)
Description
WavPack是一套开源的、免费的音频无损压缩软件。
WavPack 5.1.0及之前版本中存在安全漏洞,该漏洞源于在分配内存之前,dsdiff.c文件的‘ParseDsdiffHeaderConfig’函数未能校验区块的大小。攻击者可利用该漏洞造成拒绝服务或执行代码(越边界写入)。
Severity
高
Patch Name
WavPack越界写入漏洞(CNVD-2018-10100)的补丁
Patch Description
WavPack是一套开源的、免费的音频无损压缩软件。
WavPack 5.1.0及之前版本中存在安全漏洞,该漏洞源于在分配内存之前,dsdiff.c文件的‘ParseDsdiffHeaderConfig’函数未能校验区块的大小。攻击者可利用该漏洞造成拒绝服务或执行代码(越边界写入)。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布漏洞修复程序,请及时关注更新: https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d
Reference
https://nvd.nist.gov/vuln/detail/CVE-2018-10539
https://usn.ubuntu.com/3637-1/
Impacted products
| Name | WavPack WavPack <=5.1.0 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-10539"
}
},
"description": "WavPack\u662f\u4e00\u5957\u5f00\u6e90\u7684\u3001\u514d\u8d39\u7684\u97f3\u9891\u65e0\u635f\u538b\u7f29\u8f6f\u4ef6\u3002\r\n\r\nWavPack 5.1.0\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u5206\u914d\u5185\u5b58\u4e4b\u524d\uff0cdsdiff.c\u6587\u4ef6\u7684\u2018ParseDsdiffHeaderConfig\u2019\u51fd\u6570\u672a\u80fd\u6821\u9a8c\u533a\u5757\u7684\u5927\u5c0f\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u6216\u6267\u884c\u4ee3\u7801\uff08\u8d8a\u8fb9\u754c\u5199\u5165\uff09\u3002",
"discovererName": "Thuan Pham, Marcel B\u00f6hme, Andrew Santosa and Alexandru Razvan Caciulescu",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-10100",
"openTime": "2018-05-23",
"patchDescription": "WavPack\u662f\u4e00\u5957\u5f00\u6e90\u7684\u3001\u514d\u8d39\u7684\u97f3\u9891\u65e0\u635f\u538b\u7f29\u8f6f\u4ef6\u3002\r\n\r\nWavPack 5.1.0\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u5206\u914d\u5185\u5b58\u4e4b\u524d\uff0cdsdiff.c\u6587\u4ef6\u7684\u2018ParseDsdiffHeaderConfig\u2019\u51fd\u6570\u672a\u80fd\u6821\u9a8c\u533a\u5757\u7684\u5927\u5c0f\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u6216\u6267\u884c\u4ee3\u7801\uff08\u8d8a\u8fb9\u754c\u5199\u5165\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "WavPack\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\uff08CNVD-2018-10100\uff09\u7684\u8865\u4e01",
"products": {
"product": "WavPack WavPack \u003c=5.1.0"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-10539\r\nhttps://usn.ubuntu.com/3637-1/",
"serverity": "\u9ad8",
"submitTime": "2018-05-02",
"title": "WavPack\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\uff08CNVD-2018-10100\uff09"
}
GSD-2018-10539
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-10539",
"description": "An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
"id": "GSD-2018-10539",
"references": [
"https://www.suse.com/security/cve/CVE-2018-10539.html",
"https://www.debian.org/security/2018/dsa-4197",
"https://ubuntu.com/security/CVE-2018-10539",
"https://advisories.mageia.org/CVE-2018-10539.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-10539"
],
"details": "An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
"id": "GSD-2018-10539",
"modified": "2023-12-13T01:22:41.201461Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10539",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dbry/WavPack/issues/33",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/issues/33"
},
{
"name": "DSA-4197",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4197"
},
{
"name": "USN-3637-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3637-1/"
},
{
"name": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"name": "FEDORA-2020-e55567b6be",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:wavpack:wavpack:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10539"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dbry/WavPack/issues/33",
"refsource": "MISC",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/dbry/WavPack/issues/33"
},
{
"name": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d"
},
{
"name": "USN-3637-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3637-1/"
},
{
"name": "DSA-4197",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4197"
},
{
"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)",
"refsource": "BUGTRAQ",
"tags": [],
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html",
"refsource": "MISC",
"tags": [],
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
},
{
"name": "FEDORA-2020-e55567b6be",
"refsource": "FEDORA",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"name": "FEDORA-2020-73274c9df4",
"refsource": "FEDORA",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2019-12-20T10:15Z",
"publishedDate": "2018-04-29T15:29Z"
}
}
}
OPENSUSE-SU-2021:0154-1
Vulnerability from csaf_opensuse - Published: 2021-01-24 17:22 - Updated: 2021-01-24 17:22Summary
Security update for wavpack
Notes
Title of the patch
Security update for wavpack
Description of the patch
This update for wavpack fixes the following issues:
- Update to version 5.4.0
* CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414)
* fixed: disable A32 asm code when building for Apple silicon
* fixed: issues with Adobe-style floating-point WAV files
* added: --normalize-floats option to wvunpack for correctly
exporting un-normalized floating-point files
- Update to version 5.3.0
* fixed: OSS-Fuzz issues 19925, 19928, 20060, 20448
* fixed: trailing garbage characters on imported ID3v2 TXXX tags
* fixed: various minor undefined behavior and memory access issues
* fixed: sanitize tag extraction names for length and path inclusion
* improved: reformat wvunpack 'help' and split into long + short versions
* added: regression testing to Travis CI for OSS-Fuzz crashers
- Updated to version 5.2.0
*fixed: potential security issues including the following CVEs:
CVE-2018-19840, CVE-2018-19841, CVE-2018-10536 (bsc#1091344),
CVE-2018-10537 (bsc#1091343) CVE-2018-10538 (bsc#1091342),
CVE-2018-10539 (bsc#1091341), CVE-2018-10540 (bsc#1091340),
CVE-2018-7254, CVE-2018-7253, CVE-2018-6767, CVE-2019-11498
and CVE-2019-1010319
* added: support for CMake, Travis CI, and Google's OSS-fuzz
* fixed: use correction file for encode verify (pipe input, Windows)
* fixed: correct WAV header with actual length (pipe input, -i option)
* fixed: thumb interworking and not needing v6 architecture (ARM asm)
* added: handle more ID3v2.3 tag items and from all file types
* fixed: coredump on Sparc64 (changed MD5 implementation)
* fixed: handle invalid ID3v2.3 tags from sacd-ripper
* fixed: several corner-case memory leaks
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2021-154
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for wavpack",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for wavpack fixes the following issues:\n\n- Update to version 5.4.0\n * CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414) \n * fixed: disable A32 asm code when building for Apple silicon\n * fixed: issues with Adobe-style floating-point WAV files\n * added: --normalize-floats option to wvunpack for correctly\n exporting un-normalized floating-point files\n- Update to version 5.3.0 \n * fixed: OSS-Fuzz issues 19925, 19928, 20060, 20448\n * fixed: trailing garbage characters on imported ID3v2 TXXX tags\n * fixed: various minor undefined behavior and memory access issues\n * fixed: sanitize tag extraction names for length and path inclusion\n * improved: reformat wvunpack \u0027help\u0027 and split into long + short versions\n * added: regression testing to Travis CI for OSS-Fuzz crashers\n- Updated to version 5.2.0 \n *fixed: potential security issues including the following CVEs:\n CVE-2018-19840, CVE-2018-19841, CVE-2018-10536 (bsc#1091344),\n CVE-2018-10537 (bsc#1091343) CVE-2018-10538 (bsc#1091342), \n CVE-2018-10539 (bsc#1091341), CVE-2018-10540 (bsc#1091340), \n CVE-2018-7254, CVE-2018-7253, CVE-2018-6767, CVE-2019-11498 \n and CVE-2019-1010319\n * added: support for CMake, Travis CI, and Google\u0027s OSS-fuzz\n * fixed: use correction file for encode verify (pipe input, Windows)\n * fixed: correct WAV header with actual length (pipe input, -i option)\n * fixed: thumb interworking and not needing v6 architecture (ARM asm)\n * added: handle more ID3v2.3 tag items and from all file types\n * fixed: coredump on Sparc64 (changed MD5 implementation)\n * fixed: handle invalid ID3v2.3 tags from sacd-ripper\n * fixed: several corner-case memory leaks\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-154",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0154-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:0154-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FD5IPNZ6LGJLORJOQVT3MAHBWF3ORQPT/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:0154-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FD5IPNZ6LGJLORJOQVT3MAHBWF3ORQPT/"
},
{
"category": "self",
"summary": "SUSE Bug 1091340",
"url": "https://bugzilla.suse.com/1091340"
},
{
"category": "self",
"summary": "SUSE Bug 1091341",
"url": "https://bugzilla.suse.com/1091341"
},
{
"category": "self",
"summary": "SUSE Bug 1091342",
"url": "https://bugzilla.suse.com/1091342"
},
{
"category": "self",
"summary": "SUSE Bug 1091343",
"url": "https://bugzilla.suse.com/1091343"
},
{
"category": "self",
"summary": "SUSE Bug 1091344",
"url": "https://bugzilla.suse.com/1091344"
},
{
"category": "self",
"summary": "SUSE Bug 1180414",
"url": "https://bugzilla.suse.com/1180414"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10536 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10536/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10537 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10537/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10538 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10538/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10539 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10540 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10540/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19840 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19841 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6767 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7253 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7253/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7254 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7254/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1010319 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1010319/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11498 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11498/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35738 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35738/"
}
],
"title": "Security update for wavpack",
"tracking": {
"current_release_date": "2021-01-24T17:22:08Z",
"generator": {
"date": "2021-01-24T17:22:08Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:0154-1",
"initial_release_date": "2021-01-24T17:22:08Z",
"revision_history": [
{
"date": "2021-01-24T17:22:08Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libwavpack1-5.4.0-lp151.5.6.1.i586",
"product": {
"name": "libwavpack1-5.4.0-lp151.5.6.1.i586",
"product_id": "libwavpack1-5.4.0-lp151.5.6.1.i586"
}
},
{
"category": "product_version",
"name": "wavpack-5.4.0-lp151.5.6.1.i586",
"product": {
"name": "wavpack-5.4.0-lp151.5.6.1.i586",
"product_id": "wavpack-5.4.0-lp151.5.6.1.i586"
}
},
{
"category": "product_version",
"name": "wavpack-devel-5.4.0-lp151.5.6.1.i586",
"product": {
"name": "wavpack-devel-5.4.0-lp151.5.6.1.i586",
"product_id": "wavpack-devel-5.4.0-lp151.5.6.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"product": {
"name": "libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"product_id": "libwavpack1-5.4.0-lp151.5.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"product": {
"name": "libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"product_id": "libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "wavpack-5.4.0-lp151.5.6.1.x86_64",
"product": {
"name": "wavpack-5.4.0-lp151.5.6.1.x86_64",
"product_id": "wavpack-5.4.0-lp151.5.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "wavpack-devel-5.4.0-lp151.5.6.1.x86_64",
"product": {
"name": "wavpack-devel-5.4.0-lp151.5.6.1.x86_64",
"product_id": "wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-lp151.5.6.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586"
},
"product_reference": "libwavpack1-5.4.0-lp151.5.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-lp151.5.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64"
},
"product_reference": "libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-lp151.5.6.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586"
},
"product_reference": "wavpack-5.4.0-lp151.5.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-lp151.5.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64"
},
"product_reference": "wavpack-5.4.0-lp151.5.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-lp151.5.6.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586"
},
"product_reference": "wavpack-devel-5.4.0-lp151.5.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-lp151.5.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
},
"product_reference": "wavpack-devel-5.4.0-lp151.5.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10536",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10536"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10536",
"url": "https://www.suse.com/security/cve/CVE-2018-10536"
},
{
"category": "external",
"summary": "SUSE Bug 1091344 for CVE-2018-10536",
"url": "https://bugzilla.suse.com/1091344"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:08Z",
"details": "important"
}
],
"title": "CVE-2018-10536"
},
{
"cve": "CVE-2018-10537",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10537"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10537",
"url": "https://www.suse.com/security/cve/CVE-2018-10537"
},
{
"category": "external",
"summary": "SUSE Bug 1091343 for CVE-2018-10537",
"url": "https://bugzilla.suse.com/1091343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:08Z",
"details": "important"
}
],
"title": "CVE-2018-10537"
},
{
"cve": "CVE-2018-10538",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10538"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10538",
"url": "https://www.suse.com/security/cve/CVE-2018-10538"
},
{
"category": "external",
"summary": "SUSE Bug 1091342 for CVE-2018-10538",
"url": "https://bugzilla.suse.com/1091342"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:08Z",
"details": "moderate"
}
],
"title": "CVE-2018-10538"
},
{
"cve": "CVE-2018-10539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10539"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10539",
"url": "https://www.suse.com/security/cve/CVE-2018-10539"
},
{
"category": "external",
"summary": "SUSE Bug 1091341 for CVE-2018-10539",
"url": "https://bugzilla.suse.com/1091341"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:08Z",
"details": "moderate"
}
],
"title": "CVE-2018-10539"
},
{
"cve": "CVE-2018-10540",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10540"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10540",
"url": "https://www.suse.com/security/cve/CVE-2018-10540"
},
{
"category": "external",
"summary": "SUSE Bug 1091340 for CVE-2018-10540",
"url": "https://bugzilla.suse.com/1091340"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:08Z",
"details": "moderate"
}
],
"title": "CVE-2018-10540"
},
{
"cve": "CVE-2018-19840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19840"
}
],
"notes": [
{
"category": "general",
"text": "The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19840",
"url": "https://www.suse.com/security/cve/CVE-2018-19840"
},
{
"category": "external",
"summary": "SUSE Bug 1120930 for CVE-2018-19840",
"url": "https://bugzilla.suse.com/1120930"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:08Z",
"details": "low"
}
],
"title": "CVE-2018-19840"
},
{
"cve": "CVE-2018-19841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19841"
}
],
"notes": [
{
"category": "general",
"text": "The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19841",
"url": "https://www.suse.com/security/cve/CVE-2018-19841"
},
{
"category": "external",
"summary": "SUSE Bug 1120929 for CVE-2018-19841",
"url": "https://bugzilla.suse.com/1120929"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:08Z",
"details": "low"
}
],
"title": "CVE-2018-19841"
},
{
"cve": "CVE-2018-6767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6767"
}
],
"notes": [
{
"category": "general",
"text": "A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6767",
"url": "https://www.suse.com/security/cve/CVE-2018-6767"
},
{
"category": "external",
"summary": "SUSE Bug 1079746 for CVE-2018-6767",
"url": "https://bugzilla.suse.com/1079746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:08Z",
"details": "important"
}
],
"title": "CVE-2018-6767"
},
{
"cve": "CVE-2018-7253",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7253"
}
],
"notes": [
{
"category": "general",
"text": "The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7253",
"url": "https://www.suse.com/security/cve/CVE-2018-7253"
},
{
"category": "external",
"summary": "SUSE Bug 1081692 for CVE-2018-7253",
"url": "https://bugzilla.suse.com/1081692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:08Z",
"details": "low"
}
],
"title": "CVE-2018-7253"
},
{
"cve": "CVE-2018-7254",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7254"
}
],
"notes": [
{
"category": "general",
"text": "The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7254",
"url": "https://www.suse.com/security/cve/CVE-2018-7254"
},
{
"category": "external",
"summary": "SUSE Bug 1081693 for CVE-2018-7254",
"url": "https://bugzilla.suse.com/1081693"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:08Z",
"details": "low"
}
],
"title": "CVE-2018-7254"
},
{
"cve": "CVE-2019-1010319",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1010319"
}
],
"notes": [
{
"category": "general",
"text": "WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1010319",
"url": "https://www.suse.com/security/cve/CVE-2019-1010319"
},
{
"category": "external",
"summary": "SUSE Bug 1141334 for CVE-2019-1010319",
"url": "https://bugzilla.suse.com/1141334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:08Z",
"details": "moderate"
}
],
"title": "CVE-2019-1010319"
},
{
"cve": "CVE-2019-11498",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11498"
}
],
"notes": [
{
"category": "general",
"text": "WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a \"Conditional jump or move depends on uninitialised value\" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11498",
"url": "https://www.suse.com/security/cve/CVE-2019-11498"
},
{
"category": "external",
"summary": "SUSE Bug 1133384 for CVE-2019-11498",
"url": "https://bugzilla.suse.com/1133384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:08Z",
"details": "low"
}
],
"title": "CVE-2019-11498"
},
{
"cve": "CVE-2020-35738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35738"
}
],
"notes": [
{
"category": "general",
"text": "WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later \"unofficial\" releases through 5.3.2, which are also affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35738",
"url": "https://www.suse.com/security/cve/CVE-2020-35738"
},
{
"category": "external",
"summary": "SUSE Bug 1180414 for CVE-2020-35738",
"url": "https://bugzilla.suse.com/1180414"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
"openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:08Z",
"details": "important"
}
],
"title": "CVE-2020-35738"
}
]
}
OPENSUSE-SU-2021:0153-1
Vulnerability from csaf_opensuse - Published: 2021-01-24 17:22 - Updated: 2021-01-24 17:22Summary
Security update for wavpack
Notes
Title of the patch
Security update for wavpack
Description of the patch
This update for wavpack fixes the following issues:
- Update to version 5.4.0
* CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414)
* fixed: disable A32 asm code when building for Apple silicon
* fixed: issues with Adobe-style floating-point WAV files
* added: --normalize-floats option to wvunpack for correctly
exporting un-normalized floating-point files
- Update to version 5.3.0
* fixed: OSS-Fuzz issues 19925, 19928, 20060, 20448
* fixed: trailing garbage characters on imported ID3v2 TXXX tags
* fixed: various minor undefined behavior and memory access issues
* fixed: sanitize tag extraction names for length and path inclusion
* improved: reformat wvunpack 'help' and split into long + short versions
* added: regression testing to Travis CI for OSS-Fuzz crashers
- Updated to version 5.2.0
*fixed: potential security issues including the following CVEs:
CVE-2018-19840, CVE-2018-19841, CVE-2018-10536 (bsc#1091344),
CVE-2018-10537 (bsc#1091343) CVE-2018-10538 (bsc#1091342),
CVE-2018-10539 (bsc#1091341), CVE-2018-10540 (bsc#1091340),
CVE-2018-7254, CVE-2018-7253, CVE-2018-6767, CVE-2019-11498
and CVE-2019-1010319
* added: support for CMake, Travis CI, and Google's OSS-fuzz
* fixed: use correction file for encode verify (pipe input, Windows)
* fixed: correct WAV header with actual length (pipe input, -i option)
* fixed: thumb interworking and not needing v6 architecture (ARM asm)
* added: handle more ID3v2.3 tag items and from all file types
* fixed: coredump on Sparc64 (changed MD5 implementation)
* fixed: handle invalid ID3v2.3 tags from sacd-ripper
* fixed: several corner-case memory leaks
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2021-153
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for wavpack",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for wavpack fixes the following issues:\n\n- Update to version 5.4.0\n * CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414) \n * fixed: disable A32 asm code when building for Apple silicon\n * fixed: issues with Adobe-style floating-point WAV files\n * added: --normalize-floats option to wvunpack for correctly\n exporting un-normalized floating-point files\n- Update to version 5.3.0 \n * fixed: OSS-Fuzz issues 19925, 19928, 20060, 20448\n * fixed: trailing garbage characters on imported ID3v2 TXXX tags\n * fixed: various minor undefined behavior and memory access issues\n * fixed: sanitize tag extraction names for length and path inclusion\n * improved: reformat wvunpack \u0027help\u0027 and split into long + short versions\n * added: regression testing to Travis CI for OSS-Fuzz crashers\n- Updated to version 5.2.0 \n *fixed: potential security issues including the following CVEs:\n CVE-2018-19840, CVE-2018-19841, CVE-2018-10536 (bsc#1091344),\n CVE-2018-10537 (bsc#1091343) CVE-2018-10538 (bsc#1091342), \n CVE-2018-10539 (bsc#1091341), CVE-2018-10540 (bsc#1091340), \n CVE-2018-7254, CVE-2018-7253, CVE-2018-6767, CVE-2019-11498 \n and CVE-2019-1010319\n * added: support for CMake, Travis CI, and Google\u0027s OSS-fuzz\n * fixed: use correction file for encode verify (pipe input, Windows)\n * fixed: correct WAV header with actual length (pipe input, -i option)\n * fixed: thumb interworking and not needing v6 architecture (ARM asm)\n * added: handle more ID3v2.3 tag items and from all file types\n * fixed: coredump on Sparc64 (changed MD5 implementation)\n * fixed: handle invalid ID3v2.3 tags from sacd-ripper\n * fixed: several corner-case memory leaks\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-153",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0153-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:0153-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EK4DH6BBB2WPBM677O7MFUOO5UBKUW37/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:0153-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EK4DH6BBB2WPBM677O7MFUOO5UBKUW37/"
},
{
"category": "self",
"summary": "SUSE Bug 1091340",
"url": "https://bugzilla.suse.com/1091340"
},
{
"category": "self",
"summary": "SUSE Bug 1091341",
"url": "https://bugzilla.suse.com/1091341"
},
{
"category": "self",
"summary": "SUSE Bug 1091342",
"url": "https://bugzilla.suse.com/1091342"
},
{
"category": "self",
"summary": "SUSE Bug 1091343",
"url": "https://bugzilla.suse.com/1091343"
},
{
"category": "self",
"summary": "SUSE Bug 1091344",
"url": "https://bugzilla.suse.com/1091344"
},
{
"category": "self",
"summary": "SUSE Bug 1180414",
"url": "https://bugzilla.suse.com/1180414"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10536 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10536/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10537 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10537/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10538 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10538/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10539 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10540 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10540/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19840 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19841 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6767 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7253 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7253/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7254 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7254/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1010319 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1010319/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11498 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11498/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35738 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35738/"
}
],
"title": "Security update for wavpack",
"tracking": {
"current_release_date": "2021-01-24T17:22:03Z",
"generator": {
"date": "2021-01-24T17:22:03Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:0153-1",
"initial_release_date": "2021-01-24T17:22:03Z",
"revision_history": [
{
"date": "2021-01-24T17:22:03Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libwavpack1-5.4.0-lp152.7.3.1.i586",
"product": {
"name": "libwavpack1-5.4.0-lp152.7.3.1.i586",
"product_id": "libwavpack1-5.4.0-lp152.7.3.1.i586"
}
},
{
"category": "product_version",
"name": "wavpack-5.4.0-lp152.7.3.1.i586",
"product": {
"name": "wavpack-5.4.0-lp152.7.3.1.i586",
"product_id": "wavpack-5.4.0-lp152.7.3.1.i586"
}
},
{
"category": "product_version",
"name": "wavpack-devel-5.4.0-lp152.7.3.1.i586",
"product": {
"name": "wavpack-devel-5.4.0-lp152.7.3.1.i586",
"product_id": "wavpack-devel-5.4.0-lp152.7.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"product": {
"name": "libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"product_id": "libwavpack1-5.4.0-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"product": {
"name": "libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"product_id": "libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "wavpack-5.4.0-lp152.7.3.1.x86_64",
"product": {
"name": "wavpack-5.4.0-lp152.7.3.1.x86_64",
"product_id": "wavpack-5.4.0-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "wavpack-devel-5.4.0-lp152.7.3.1.x86_64",
"product": {
"name": "wavpack-devel-5.4.0-lp152.7.3.1.x86_64",
"product_id": "wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-lp152.7.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586"
},
"product_reference": "libwavpack1-5.4.0-lp152.7.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64"
},
"product_reference": "libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-lp152.7.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586"
},
"product_reference": "wavpack-5.4.0-lp152.7.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64"
},
"product_reference": "wavpack-5.4.0-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-lp152.7.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586"
},
"product_reference": "wavpack-devel-5.4.0-lp152.7.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
},
"product_reference": "wavpack-devel-5.4.0-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10536",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10536"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10536",
"url": "https://www.suse.com/security/cve/CVE-2018-10536"
},
{
"category": "external",
"summary": "SUSE Bug 1091344 for CVE-2018-10536",
"url": "https://bugzilla.suse.com/1091344"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:03Z",
"details": "important"
}
],
"title": "CVE-2018-10536"
},
{
"cve": "CVE-2018-10537",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10537"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10537",
"url": "https://www.suse.com/security/cve/CVE-2018-10537"
},
{
"category": "external",
"summary": "SUSE Bug 1091343 for CVE-2018-10537",
"url": "https://bugzilla.suse.com/1091343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:03Z",
"details": "important"
}
],
"title": "CVE-2018-10537"
},
{
"cve": "CVE-2018-10538",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10538"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10538",
"url": "https://www.suse.com/security/cve/CVE-2018-10538"
},
{
"category": "external",
"summary": "SUSE Bug 1091342 for CVE-2018-10538",
"url": "https://bugzilla.suse.com/1091342"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:03Z",
"details": "moderate"
}
],
"title": "CVE-2018-10538"
},
{
"cve": "CVE-2018-10539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10539"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10539",
"url": "https://www.suse.com/security/cve/CVE-2018-10539"
},
{
"category": "external",
"summary": "SUSE Bug 1091341 for CVE-2018-10539",
"url": "https://bugzilla.suse.com/1091341"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:03Z",
"details": "moderate"
}
],
"title": "CVE-2018-10539"
},
{
"cve": "CVE-2018-10540",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10540"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10540",
"url": "https://www.suse.com/security/cve/CVE-2018-10540"
},
{
"category": "external",
"summary": "SUSE Bug 1091340 for CVE-2018-10540",
"url": "https://bugzilla.suse.com/1091340"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:03Z",
"details": "moderate"
}
],
"title": "CVE-2018-10540"
},
{
"cve": "CVE-2018-19840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19840"
}
],
"notes": [
{
"category": "general",
"text": "The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19840",
"url": "https://www.suse.com/security/cve/CVE-2018-19840"
},
{
"category": "external",
"summary": "SUSE Bug 1120930 for CVE-2018-19840",
"url": "https://bugzilla.suse.com/1120930"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:03Z",
"details": "low"
}
],
"title": "CVE-2018-19840"
},
{
"cve": "CVE-2018-19841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19841"
}
],
"notes": [
{
"category": "general",
"text": "The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19841",
"url": "https://www.suse.com/security/cve/CVE-2018-19841"
},
{
"category": "external",
"summary": "SUSE Bug 1120929 for CVE-2018-19841",
"url": "https://bugzilla.suse.com/1120929"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:03Z",
"details": "low"
}
],
"title": "CVE-2018-19841"
},
{
"cve": "CVE-2018-6767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6767"
}
],
"notes": [
{
"category": "general",
"text": "A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6767",
"url": "https://www.suse.com/security/cve/CVE-2018-6767"
},
{
"category": "external",
"summary": "SUSE Bug 1079746 for CVE-2018-6767",
"url": "https://bugzilla.suse.com/1079746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:03Z",
"details": "important"
}
],
"title": "CVE-2018-6767"
},
{
"cve": "CVE-2018-7253",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7253"
}
],
"notes": [
{
"category": "general",
"text": "The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7253",
"url": "https://www.suse.com/security/cve/CVE-2018-7253"
},
{
"category": "external",
"summary": "SUSE Bug 1081692 for CVE-2018-7253",
"url": "https://bugzilla.suse.com/1081692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:03Z",
"details": "low"
}
],
"title": "CVE-2018-7253"
},
{
"cve": "CVE-2018-7254",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7254"
}
],
"notes": [
{
"category": "general",
"text": "The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7254",
"url": "https://www.suse.com/security/cve/CVE-2018-7254"
},
{
"category": "external",
"summary": "SUSE Bug 1081693 for CVE-2018-7254",
"url": "https://bugzilla.suse.com/1081693"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:03Z",
"details": "low"
}
],
"title": "CVE-2018-7254"
},
{
"cve": "CVE-2019-1010319",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1010319"
}
],
"notes": [
{
"category": "general",
"text": "WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1010319",
"url": "https://www.suse.com/security/cve/CVE-2019-1010319"
},
{
"category": "external",
"summary": "SUSE Bug 1141334 for CVE-2019-1010319",
"url": "https://bugzilla.suse.com/1141334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:03Z",
"details": "moderate"
}
],
"title": "CVE-2019-1010319"
},
{
"cve": "CVE-2019-11498",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11498"
}
],
"notes": [
{
"category": "general",
"text": "WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a \"Conditional jump or move depends on uninitialised value\" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11498",
"url": "https://www.suse.com/security/cve/CVE-2019-11498"
},
{
"category": "external",
"summary": "SUSE Bug 1133384 for CVE-2019-11498",
"url": "https://bugzilla.suse.com/1133384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:03Z",
"details": "low"
}
],
"title": "CVE-2019-11498"
},
{
"cve": "CVE-2020-35738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35738"
}
],
"notes": [
{
"category": "general",
"text": "WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later \"unofficial\" releases through 5.3.2, which are also affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35738",
"url": "https://www.suse.com/security/cve/CVE-2020-35738"
},
{
"category": "external",
"summary": "SUSE Bug 1180414 for CVE-2020-35738",
"url": "https://bugzilla.suse.com/1180414"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
"openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-24T17:22:03Z",
"details": "important"
}
],
"title": "CVE-2020-35738"
}
]
}
GHSA-5WGX-VM65-XVP4
Vulnerability from github – Published: 2022-05-13 01:29 – Updated: 2022-05-13 01:29
VLAI?
Details
An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.
Severity ?
5.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2018-10539"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-29T15:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
"id": "GHSA-5wgx-vm65-xvp4",
"modified": "2022-05-13T01:29:44Z",
"published": "2022-05-13T01:29:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10539"
},
{
"type": "WEB",
"url": "https://github.com/dbry/WavPack/issues/33"
},
{
"type": "WEB",
"url": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Dec/37"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3637-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4197"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
SUSE-SU-2021:0186-1
Vulnerability from csaf_suse - Published: 2021-01-21 13:56 - Updated: 2021-01-21 13:56Summary
Security update for wavpack
Notes
Title of the patch
Security update for wavpack
Description of the patch
This update for wavpack fixes the following issues:
- Update to version 5.4.0
* CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414)
* fixed: disable A32 asm code when building for Apple silicon
* fixed: issues with Adobe-style floating-point WAV files
* added: --normalize-floats option to wvunpack for correctly
exporting un-normalized floating-point files
- Update to version 5.3.0
* fixed: OSS-Fuzz issues 19925, 19928, 20060, 20448
* fixed: trailing garbage characters on imported ID3v2 TXXX tags
* fixed: various minor undefined behavior and memory access issues
* fixed: sanitize tag extraction names for length and path inclusion
* improved: reformat wvunpack 'help' and split into long + short versions
* added: regression testing to Travis CI for OSS-Fuzz crashers
- Updated to version 5.2.0
*fixed: potential security issues including the following CVEs:
CVE-2018-19840, CVE-2018-19841, CVE-2018-10536 (bsc#1091344),
CVE-2018-10537 (bsc#1091343) CVE-2018-10538 (bsc#1091342),
CVE-2018-10539 (bsc#1091341), CVE-2018-10540 (bsc#1091340),
CVE-2018-7254, CVE-2018-7253, CVE-2018-6767, CVE-2019-11498
and CVE-2019-1010319
* added: support for CMake, Travis CI, and Google's OSS-fuzz
* fixed: use correction file for encode verify (pipe input, Windows)
* fixed: correct WAV header with actual length (pipe input, -i option)
* fixed: thumb interworking and not needing v6 architecture (ARM asm)
* added: handle more ID3v2.3 tag items and from all file types
* fixed: coredump on Sparc64 (changed MD5 implementation)
* fixed: handle invalid ID3v2.3 tags from sacd-ripper
* fixed: several corner-case memory leaks
Patchnames
SUSE-2021-186,SUSE-SLE-Module-Basesystem-15-SP2-2021-186,SUSE-SLE-Module-Basesystem-15-SP3-2021-186,SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-186,SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-186,SUSE-SLE-Product-HPC-15-2021-186,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-186,SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-186,SUSE-SLE-Product-SLES-15-2021-186,SUSE-SLE-Product-SLES-15-SP1-BCL-2021-186,SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-186,SUSE-SLE-Product-SLES_SAP-15-2021-186,SUSE-SLE-Product-SLES_SAP-15-SP1-2021-186,SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-186,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-186,SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-186,SUSE-Storage-6-2021-186
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for wavpack",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for wavpack fixes the following issues:\n\n- Update to version 5.4.0\n * CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414) \n * fixed: disable A32 asm code when building for Apple silicon\n * fixed: issues with Adobe-style floating-point WAV files\n * added: --normalize-floats option to wvunpack for correctly\n exporting un-normalized floating-point files\n- Update to version 5.3.0 \n * fixed: OSS-Fuzz issues 19925, 19928, 20060, 20448\n * fixed: trailing garbage characters on imported ID3v2 TXXX tags\n * fixed: various minor undefined behavior and memory access issues\n * fixed: sanitize tag extraction names for length and path inclusion\n * improved: reformat wvunpack \u0027help\u0027 and split into long + short versions\n * added: regression testing to Travis CI for OSS-Fuzz crashers\n- Updated to version 5.2.0 \n *fixed: potential security issues including the following CVEs:\n CVE-2018-19840, CVE-2018-19841, CVE-2018-10536 (bsc#1091344),\n CVE-2018-10537 (bsc#1091343) CVE-2018-10538 (bsc#1091342), \n CVE-2018-10539 (bsc#1091341), CVE-2018-10540 (bsc#1091340), \n CVE-2018-7254, CVE-2018-7253, CVE-2018-6767, CVE-2019-11498 \n and CVE-2019-1010319\n * added: support for CMake, Travis CI, and Google\u0027s OSS-fuzz\n * fixed: use correction file for encode verify (pipe input, Windows)\n * fixed: correct WAV header with actual length (pipe input, -i option)\n * fixed: thumb interworking and not needing v6 architecture (ARM asm)\n * added: handle more ID3v2.3 tag items and from all file types\n * fixed: coredump on Sparc64 (changed MD5 implementation)\n * fixed: handle invalid ID3v2.3 tags from sacd-ripper\n * fixed: several corner-case memory leaks\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-186,SUSE-SLE-Module-Basesystem-15-SP2-2021-186,SUSE-SLE-Module-Basesystem-15-SP3-2021-186,SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-186,SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-186,SUSE-SLE-Product-HPC-15-2021-186,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-186,SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-186,SUSE-SLE-Product-SLES-15-2021-186,SUSE-SLE-Product-SLES-15-SP1-BCL-2021-186,SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-186,SUSE-SLE-Product-SLES_SAP-15-2021-186,SUSE-SLE-Product-SLES_SAP-15-SP1-2021-186,SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-186,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-186,SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-186,SUSE-Storage-6-2021-186",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_0186-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:0186-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20210186-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:0186-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-January/008234.html"
},
{
"category": "self",
"summary": "SUSE Bug 1091340",
"url": "https://bugzilla.suse.com/1091340"
},
{
"category": "self",
"summary": "SUSE Bug 1091341",
"url": "https://bugzilla.suse.com/1091341"
},
{
"category": "self",
"summary": "SUSE Bug 1091342",
"url": "https://bugzilla.suse.com/1091342"
},
{
"category": "self",
"summary": "SUSE Bug 1091343",
"url": "https://bugzilla.suse.com/1091343"
},
{
"category": "self",
"summary": "SUSE Bug 1091344",
"url": "https://bugzilla.suse.com/1091344"
},
{
"category": "self",
"summary": "SUSE Bug 1180414",
"url": "https://bugzilla.suse.com/1180414"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10536 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10536/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10537 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10537/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10538 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10538/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10539 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10540 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10540/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19840 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19841 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6767 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7253 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7253/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7254 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7254/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-1010319 page",
"url": "https://www.suse.com/security/cve/CVE-2019-1010319/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11498 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11498/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35738 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35738/"
}
],
"title": "Security update for wavpack",
"tracking": {
"current_release_date": "2021-01-21T13:56:16Z",
"generator": {
"date": "2021-01-21T13:56:16Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:0186-1",
"initial_release_date": "2021-01-21T13:56:16Z",
"revision_history": [
{
"date": "2021-01-21T13:56:16Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libwavpack1-5.4.0-4.9.1.aarch64",
"product": {
"name": "libwavpack1-5.4.0-4.9.1.aarch64",
"product_id": "libwavpack1-5.4.0-4.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "wavpack-5.4.0-4.9.1.aarch64",
"product": {
"name": "wavpack-5.4.0-4.9.1.aarch64",
"product_id": "wavpack-5.4.0-4.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "wavpack-devel-5.4.0-4.9.1.aarch64",
"product": {
"name": "wavpack-devel-5.4.0-4.9.1.aarch64",
"product_id": "wavpack-devel-5.4.0-4.9.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libwavpack1-64bit-5.4.0-4.9.1.aarch64_ilp32",
"product": {
"name": "libwavpack1-64bit-5.4.0-4.9.1.aarch64_ilp32",
"product_id": "libwavpack1-64bit-5.4.0-4.9.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libwavpack1-5.4.0-4.9.1.i586",
"product": {
"name": "libwavpack1-5.4.0-4.9.1.i586",
"product_id": "libwavpack1-5.4.0-4.9.1.i586"
}
},
{
"category": "product_version",
"name": "wavpack-5.4.0-4.9.1.i586",
"product": {
"name": "wavpack-5.4.0-4.9.1.i586",
"product_id": "wavpack-5.4.0-4.9.1.i586"
}
},
{
"category": "product_version",
"name": "wavpack-devel-5.4.0-4.9.1.i586",
"product": {
"name": "wavpack-devel-5.4.0-4.9.1.i586",
"product_id": "wavpack-devel-5.4.0-4.9.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libwavpack1-5.4.0-4.9.1.ppc64le",
"product": {
"name": "libwavpack1-5.4.0-4.9.1.ppc64le",
"product_id": "libwavpack1-5.4.0-4.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "wavpack-5.4.0-4.9.1.ppc64le",
"product": {
"name": "wavpack-5.4.0-4.9.1.ppc64le",
"product_id": "wavpack-5.4.0-4.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "wavpack-devel-5.4.0-4.9.1.ppc64le",
"product": {
"name": "wavpack-devel-5.4.0-4.9.1.ppc64le",
"product_id": "wavpack-devel-5.4.0-4.9.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libwavpack1-5.4.0-4.9.1.s390x",
"product": {
"name": "libwavpack1-5.4.0-4.9.1.s390x",
"product_id": "libwavpack1-5.4.0-4.9.1.s390x"
}
},
{
"category": "product_version",
"name": "wavpack-5.4.0-4.9.1.s390x",
"product": {
"name": "wavpack-5.4.0-4.9.1.s390x",
"product_id": "wavpack-5.4.0-4.9.1.s390x"
}
},
{
"category": "product_version",
"name": "wavpack-devel-5.4.0-4.9.1.s390x",
"product": {
"name": "wavpack-devel-5.4.0-4.9.1.s390x",
"product_id": "wavpack-devel-5.4.0-4.9.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libwavpack1-5.4.0-4.9.1.x86_64",
"product": {
"name": "libwavpack1-5.4.0-4.9.1.x86_64",
"product_id": "libwavpack1-5.4.0-4.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libwavpack1-32bit-5.4.0-4.9.1.x86_64",
"product": {
"name": "libwavpack1-32bit-5.4.0-4.9.1.x86_64",
"product_id": "libwavpack1-32bit-5.4.0-4.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "wavpack-5.4.0-4.9.1.x86_64",
"product": {
"name": "wavpack-5.4.0-4.9.1.x86_64",
"product_id": "wavpack-5.4.0-4.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "wavpack-devel-5.4.0-4.9.1.x86_64",
"product": {
"name": "wavpack-devel-5.4.0-4.9.1.x86_64",
"product_id": "wavpack-devel-5.4.0-4.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-desktop-applications:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_bcl:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.0",
"product": {
"name": "SUSE Manager Proxy 4.0",
"product_id": "SUSE Manager Proxy 4.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Retail Branch Server 4.0",
"product": {
"name": "SUSE Manager Retail Branch Server 4.0",
"product_id": "SUSE Manager Retail Branch Server 4.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-retail-branch-server:4.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.0",
"product": {
"name": "SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 6",
"product": {
"name": "SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64"
},
"product_reference": "wavpack-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le"
},
"product_reference": "wavpack-5.4.0-4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x"
},
"product_reference": "wavpack-5.4.0-4.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64"
},
"product_reference": "wavpack-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64"
},
"product_reference": "wavpack-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64"
},
"product_reference": "wavpack-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le"
},
"product_reference": "wavpack-5.4.0-4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x"
},
"product_reference": "wavpack-5.4.0-4.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le"
},
"product_reference": "wavpack-5.4.0-4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Manager Proxy 4.0",
"product_id": "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.x86_64 as component of SUSE Manager Proxy 4.0",
"product_id": "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.x86_64 as component of SUSE Manager Proxy 4.0",
"product_id": "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Manager Retail Branch Server 4.0",
"product_id": "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.x86_64 as component of SUSE Manager Retail Branch Server 4.0",
"product_id": "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.x86_64 as component of SUSE Manager Retail Branch Server 4.0",
"product_id": "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.ppc64le as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.s390x as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.ppc64le as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le"
},
"product_reference": "wavpack-5.4.0-4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.s390x as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x"
},
"product_reference": "wavpack-5.4.0-4.9.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.x86_64 as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.ppc64le as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.s390x as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.x86_64 as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.aarch64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64"
},
"product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.aarch64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64"
},
"product_reference": "wavpack-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-5.4.0-4.9.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.aarch64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wavpack-devel-5.4.0-4.9.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64"
},
"product_reference": "wavpack-devel-5.4.0-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10536",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10536"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10536",
"url": "https://www.suse.com/security/cve/CVE-2018-10536"
},
{
"category": "external",
"summary": "SUSE Bug 1091344 for CVE-2018-10536",
"url": "https://bugzilla.suse.com/1091344"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-21T13:56:16Z",
"details": "important"
}
],
"title": "CVE-2018-10536"
},
{
"cve": "CVE-2018-10537",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10537"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10537",
"url": "https://www.suse.com/security/cve/CVE-2018-10537"
},
{
"category": "external",
"summary": "SUSE Bug 1091343 for CVE-2018-10537",
"url": "https://bugzilla.suse.com/1091343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-21T13:56:16Z",
"details": "important"
}
],
"title": "CVE-2018-10537"
},
{
"cve": "CVE-2018-10538",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10538"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10538",
"url": "https://www.suse.com/security/cve/CVE-2018-10538"
},
{
"category": "external",
"summary": "SUSE Bug 1091342 for CVE-2018-10538",
"url": "https://bugzilla.suse.com/1091342"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-21T13:56:16Z",
"details": "moderate"
}
],
"title": "CVE-2018-10538"
},
{
"cve": "CVE-2018-10539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10539"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10539",
"url": "https://www.suse.com/security/cve/CVE-2018-10539"
},
{
"category": "external",
"summary": "SUSE Bug 1091341 for CVE-2018-10539",
"url": "https://bugzilla.suse.com/1091341"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-21T13:56:16Z",
"details": "moderate"
}
],
"title": "CVE-2018-10539"
},
{
"cve": "CVE-2018-10540",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10540"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10540",
"url": "https://www.suse.com/security/cve/CVE-2018-10540"
},
{
"category": "external",
"summary": "SUSE Bug 1091340 for CVE-2018-10540",
"url": "https://bugzilla.suse.com/1091340"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-21T13:56:16Z",
"details": "moderate"
}
],
"title": "CVE-2018-10540"
},
{
"cve": "CVE-2018-19840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19840"
}
],
"notes": [
{
"category": "general",
"text": "The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19840",
"url": "https://www.suse.com/security/cve/CVE-2018-19840"
},
{
"category": "external",
"summary": "SUSE Bug 1120930 for CVE-2018-19840",
"url": "https://bugzilla.suse.com/1120930"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-21T13:56:16Z",
"details": "low"
}
],
"title": "CVE-2018-19840"
},
{
"cve": "CVE-2018-19841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19841"
}
],
"notes": [
{
"category": "general",
"text": "The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19841",
"url": "https://www.suse.com/security/cve/CVE-2018-19841"
},
{
"category": "external",
"summary": "SUSE Bug 1120929 for CVE-2018-19841",
"url": "https://bugzilla.suse.com/1120929"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-21T13:56:16Z",
"details": "low"
}
],
"title": "CVE-2018-19841"
},
{
"cve": "CVE-2018-6767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6767"
}
],
"notes": [
{
"category": "general",
"text": "A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6767",
"url": "https://www.suse.com/security/cve/CVE-2018-6767"
},
{
"category": "external",
"summary": "SUSE Bug 1079746 for CVE-2018-6767",
"url": "https://bugzilla.suse.com/1079746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-21T13:56:16Z",
"details": "important"
}
],
"title": "CVE-2018-6767"
},
{
"cve": "CVE-2018-7253",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7253"
}
],
"notes": [
{
"category": "general",
"text": "The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7253",
"url": "https://www.suse.com/security/cve/CVE-2018-7253"
},
{
"category": "external",
"summary": "SUSE Bug 1081692 for CVE-2018-7253",
"url": "https://bugzilla.suse.com/1081692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-21T13:56:16Z",
"details": "moderate"
}
],
"title": "CVE-2018-7253"
},
{
"cve": "CVE-2018-7254",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7254"
}
],
"notes": [
{
"category": "general",
"text": "The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7254",
"url": "https://www.suse.com/security/cve/CVE-2018-7254"
},
{
"category": "external",
"summary": "SUSE Bug 1081693 for CVE-2018-7254",
"url": "https://bugzilla.suse.com/1081693"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-21T13:56:16Z",
"details": "low"
}
],
"title": "CVE-2018-7254"
},
{
"cve": "CVE-2019-1010319",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-1010319"
}
],
"notes": [
{
"category": "general",
"text": "WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-1010319",
"url": "https://www.suse.com/security/cve/CVE-2019-1010319"
},
{
"category": "external",
"summary": "SUSE Bug 1141334 for CVE-2019-1010319",
"url": "https://bugzilla.suse.com/1141334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-21T13:56:16Z",
"details": "moderate"
}
],
"title": "CVE-2019-1010319"
},
{
"cve": "CVE-2019-11498",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11498"
}
],
"notes": [
{
"category": "general",
"text": "WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a \"Conditional jump or move depends on uninitialised value\" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11498",
"url": "https://www.suse.com/security/cve/CVE-2019-11498"
},
{
"category": "external",
"summary": "SUSE Bug 1133384 for CVE-2019-11498",
"url": "https://bugzilla.suse.com/1133384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-21T13:56:16Z",
"details": "low"
}
],
"title": "CVE-2019-11498"
},
{
"cve": "CVE-2020-35738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35738"
}
],
"notes": [
{
"category": "general",
"text": "WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later \"unofficial\" releases through 5.3.2, which are also affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35738",
"url": "https://www.suse.com/security/cve/CVE-2020-35738"
},
{
"category": "external",
"summary": "SUSE Bug 1180414 for CVE-2020-35738",
"url": "https://bugzilla.suse.com/1180414"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
"SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-21T13:56:16Z",
"details": "important"
}
],
"title": "CVE-2020-35738"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…