{
  "threat_severity" : "Low",
  "public_date" : "2018-02-19T00:00:00Z",
  "bugzilla" : {
    "description" : "wavpack: Global buffer over-read in ParseCaffHeaderConfig function in cli/caff.c",
    "id" : "1547735",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1547735"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.3",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-122",
  "details" : [ "The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.", "An out-of-bounds read flaw was found in the way WavPack handled processing of CAF (Core Audio Format) files. An attacker could potentially use this flaw to crash WavPack by tricking it into processing crafted CAF files." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "wavpack",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "wavpack",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "wavpack",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-7254\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7254" ],
  "name" : "CVE-2018-7254",
  "csaw" : false
}