SUSE CVE-2016-10170

The WriteCaffHeader function in cli/caff.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service out-of-bounds read via a crafted WV file...

SUSE CVE-2019-1010317

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig caff.c:486. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...

DEBIAN-CVE-2019-1010317

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig caff.c:486. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...

DEBIAN-CVE-2018-7254

The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service global buffer over-read, or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file...

ALPINE-CVE-2018-7254

The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service global buffer over-read, or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file...

ALPINE-CVE-2016-10170

The WriteCaffHeader function in cli/caff.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service out-of-bounds read via a crafted WV file...

wavpack -- multiple invalid memory reads

David Bryant reports: global buffer overread in readcode / readwords.c heap out of bounds read in WriteCaffHeader / caff.c heap out of bounds read in unreorderchannels / wvunpack.c heap oob read in readnewconfiginfo / openutils.c...