Vulnerability Description
Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large chunk size in a WAV file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| KTH | Snack Sound Toolkit | 2.2.10 |
| KTH | WaveSurfer | 1.8.8 |
| openSUSE | openSUSE | 13.1 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00034.html (Third Party Advisory)
- http://secunia.com/advisories/49889 (Vendor Advisory)
- http://security.gentoo.org/glsa/glsa-201309-04.xml (Third Party Advisory)
- http://www.exploit-db.com/exploits/19772 (Exploit, VDB Entry)
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:126 (Broken Link)
- http://www.openwall.com/lists/oss-security/2012/12/10/2 (Mailing List, Third Party Advisory)
FAQ
What is CVE-2012-6303?
CVE-2012-6303 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service (crash)...
How severe is CVE-2012-6303?
CVE-2012-6303 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-6303?
Check the references section above for vendor advisories and patch information. Affected products include: KTH Snack Sound Toolkit, KTH WaveSurfer, and openSUSE.