Rocky Linux 8 : wavpack (RLSA-2022:7558)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7558 advisory. - An out of bounds read was found in Wavpack 5.4.0 in processing .WAV files. This issue triggered in function WavpackPackSamples of file src/packutils.c, tainted...

Integer Overflow

WavPack is vulnerable to integer overflow. The vulnerability exist because of an out-of-bounds write in WavpackPackSamples in packutils.c...

CVE-2020-35738

WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in packutils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" releases through 5.3.2, which are also affected...

Integer overflow

WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in packutils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" releases through 5.3.2, which are also affected...

WavPack 缓冲区错误漏洞

WavPack is a free, open source lossless audio compression format with a .wv file extension. An out-of-bounds write vulnerability exists in WavpackPackSamples in packutils.c in WavPack 5.3.0, which stems from an integer overflow in the malloc parameter and can be exploited by an attacker to cause ...

CVE-2018-19840

The function WavpackPackInit in packutils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service resource exhaustion caused by an infinite loop via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero...

CVE-2019-11498

WavpackSetConfiguration64 in packutils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service application crash via a DFF file that lacks valid sample-rate data...

SUSE SLED15 / SLES15 Security Update : wavpack (SUSE-SU-2019:0772-1)

This update for wavpack fixes the following issues : Security issues fixed : CVE-2018-19840: Fixed a denial-of-service in the WavpackPackInit function from packutils.c bsc1120930 CVE-2018-19841: Fixed a denial-of-service in the WavpackVerifySingleBlock function from openutils.c bsc1120929 Note th...

Code injection

The function WavpackPackInit in packutils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service resource exhaustion caused by an infinite loop via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero...

WavPack Denial of Service Vulnerability (CNVD-2019-06791)

WavPack is an open source, free audio lossless compression software. A security vulnerability exists in the 'WavpackPackInit' function in the packutils.c file of the libwavpack.a static link library in WavPack 5.1.0 and earlier versions. An attacker can exploit this vulnerability to cause a denia...