wavpack is vulnerable to denial of service (DoS). The vulnerability exists through the use of uninitialized variable in WavpackSetConfiguration64 leads to DoS.
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index
access.redhat.com/errata/RHSA-2020:1581
access.redhat.com/security/updates/classification/#low
github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4
github.com/dbry/WavPack/issues/67
lists.debian.org/debian-lts-announce/2021/01/msg00013.html
lists.fedoraproject.org/archives/list/[email protected]/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/
lists.fedoraproject.org/archives/list/[email protected]/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/
lists.fedoraproject.org/archives/list/[email protected]/message/NZDKXGA2ZNSSM64ZYDHOWCO4Q4VAKAON/
lists.fedoraproject.org/archives/list/[email protected]/message/SCK2YJXY6V5CKGKSF2PPN7RL2DXVOC6G/
security.gentoo.org/glsa/202007-19
usn.ubuntu.com/3960-1/