WavPack 缓冲区错误漏洞

WavPack is an open source, free audio lossless compression software. A buffer error vulnerability exists in WavPack 5.4.0, which stems from an out-of-bounds read in the function WavpackPackSamples in the file src/packutils.c. The contaminated variable cnt is too large, causing the pointer sptr to...

PT-2022-12036 · Wavpack +7 · Wavpack +7

Name of the Vulnerable Software and Affected Versions: Wavpack version 5.4.0 Description: An out of bounds read issue was discovered in the processing of .WAV files. This issue is triggered in the WavpackPackSamples function of the file src/pack utils.c, where the tainted variable cnt is too larg...

The vulnerability of the WavpackPackSamples function in the packUtils.c component of the WavPack audio codec allows for an operation that outputs data within acceptable buffer limits. This enables a malicious actor to compromise the integrity of the data and cause service failures.

The vulnerability of the WavpackPackSamples function in the packUtils.c component of the WavPack audio codec is related to the output of the operation within acceptable buffer data limits. Exploiting this vulnerability allows a remote attacker to compromise the integrity of the data and also caus...

DEBIAN-CVE-2020-35738

WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in packutils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" releases through 5.3.2, which are also affected...