CVE-2018-14049
CVE-2018-14049 is a medium-severity vulnerability in Libwav Project Libwav with a CVSS 3.x base score of 6.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 3.x base score 6.5)
- CVSS v2: 4.3
- EPSS exploit prediction: 1% (63rd percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Libwav Project Libwav
- Published:
- Last modified:
Description
An issue has been found in libwav through 2017-04-20. It is a SEGV in the function print_info in wav_info/wav_info.c.
Frequently asked questions
- What is CVE-2018-14049?
- An issue has been found in libwav through 2017-04-20. It is a SEGV in the function print_info in wav_info/wav_info.c.
- How severe is CVE-2018-14049?
- CVE-2018-14049 has a CVSS 3.x base score of 6.5, rated medium severity. It is exploitable over network with low attack complexity, requires no privileges and user interaction. Impact on confidentiality is none, integrity none, and availability high.
- Is CVE-2018-14049 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (63rd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2018-14049?
- CVE-2018-14049 affects Libwav Project Libwav. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2018-14049?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2018-14049 published?
- CVE-2018-14049 was published on 2018-07-13 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:a:libwav_project:libwav:*:*:*:*:*:*:*:*
More vulnerabilities in Libwav Project Libwav
- CVE-2022-28488 — High (CVSS 7.5): The function wav_format_write in libwav.c in libwav through 2017-04-20 has an Use of Uninitialized Variable…
- CVE-2018-14051 — High (CVSS 7.5): The function wav_read in libwav.c in libwav through 2017-04-20 has an infinite loop.
- CVE-2019-19698 — Medium (CVSS 6.5): marc-q libwav through 2017-04-20 has a NULL pointer dereference in wav_content_read() at libwav.c.
- CVE-2019-16348 — Medium (CVSS 6.5): marc-q libwav through 2017-04-20 has a NULL pointer dereference in gain_file() at wav_gain.c.
- CVE-2018-14549 — Medium (CVSS 6.5): An issue has been found in libwav through 2017-04-20. It is a SEGV in the function wav_write in libwav.c.
- CVE-2018-14052 — Medium (CVSS 6.5): An issue has been found in libwav through 2017-04-20. It is a SEGV in the function apply_gain in wav_gain/wav_gain.c.