Vulnerabilities > Wavpack

DATE CVE VULNERABILITY TITLE RISK
2022-07-19 CVE-2022-2476 A null pointer dereference bug was found in wavpack-5.4.0 The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ===================================================================84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x561b47a970c6 bp 0x7fff13952fb0 sp 0x7fff1394fca0 T0) ==84257==The signal is caused by a WRITE memory access.
local
low complexity
wavpack fedoraproject
5.5
2022-03-10 CVE-2021-44269 Out-of-bounds Read vulnerability in multiple products
An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV files.
local
low complexity
wavpack fedoraproject CWE-125
5.5
2020-12-28 CVE-2020-35738 Integer Overflow or Wraparound vulnerability in multiple products
WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument.
local
low complexity
wavpack debian fedoraproject CWE-190
6.1
2019-07-11 CVE-2019-1010319 Use of Uninitialized Resource vulnerability in multiple products
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable.
5.5
2019-07-11 CVE-2019-1010317 Use of Uninitialized Resource vulnerability in multiple products
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable.
5.5
2019-07-11 CVE-2019-1010315 Divide By Zero vulnerability in multiple products
WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero.
5.5
2019-04-24 CVE-2019-11498 Access of Uninitialized Pointer vulnerability in multiple products
WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.
network
low complexity
wavpack canonical fedoraproject debian CWE-824
6.5
2018-12-04 CVE-2018-19841 Out-of-bounds Read vulnerability in multiple products
The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.
5.5
2018-12-04 CVE-2018-19840 Infinite Loop vulnerability in multiple products
The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.
5.5
2018-04-29 CVE-2018-10540 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in WavPack 5.1.0 and earlier for W64 input.
local
low complexity
wavpack debian CWE-787
5.5