Source: redhatcve, Redhat.com, RH:CVE-2020-35738
History: Dec 28, 2020 - 6:34 p.m.

CVE-2020-35738

2020-12-28 18:34:28
redhat.com
access.redhat.com
EPSS: 0.001 (Low)
Percentile: 45.2%

WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" releases through 5.3.2, which are also affected.

Mitigation

If using the wavpack utility, this flaw can be mitigated by not running the program on untrusted input files or files from untrusted sources.