OPENSUSE-SU-2024:11938-1 libwavpack1-32bit-5.4.0-2.1 on GA media

These are all security issues fixed in the libwavpack1-32bit-5.4.0-2.1 package on the GA media of openSUSE Tumbleweed...

CVE-2018-19840

CVE-2018-19840 affects WavPack up to version 5.1.0. The issue arises in WavPackPackInit (pack_utils.c, libwavpack.a): WavpackSetConfiguration64 mishandles a sample rate of zero, causing an infinite loop and potential DoS. Connected sources confirm additional related vulnerabilities in the same pr...

CVE-2018-19841

The function WavpackVerifySingleBlock in openutils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service out-of-bounds read and application crash via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack...

WavPack Denial of Service Vulnerability (CNVD-2019-06791)

WavPack is an open source, free audio lossless compression software. A security vulnerability exists in the 'WavpackPackInit' function in the packutils.c file of the libwavpack.a static link library in WavPack 5.1.0 and earlier versions. An attacker can exploit this vulnerability to cause a denia...