cpe:/a:wavpack:wavpack:5.1.0 cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~ cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~ cpe:/o:canonical:ubuntu_linux:17.10 cpe:/o:debian:debian_linux:9.0 CVE-2018-6767 2018-02-06T17:29:00.210-05:00 2019-03-06T15:22:42.053-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2019-03-05T14:12:58.570-05:00 DEBIAN DSA-4125 UBUNTU USN-3568-1 CONFIRM https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889276 CONFIRM https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5 CONFIRM https://github.com/dbry/WavPack/issues/27 A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.