ALT-PU-2021-1214-1
Closed vulnerabilities
Published: 2020-12-27
BDU:2021-00777
A vulnerability in the WavpackPackSamples function of the pack_utils.c component of the WavPack audio codec, caused by an operation exceeding the bounds of a data buffer, which allows an attacker to compromise data integrity and cause a denial of service
Severity: HIGH (7.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
References:
Published: 2020-12-28
Modified: 2024-11-21
CVE-2020-35738
WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" releases through 5.3.2, which are also affected.
Severity: MEDIUM (6.1)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
References:
- https://github.com/dbry/WavPack/issues/91
- [debian-lts-announce] 20210115 [SECURITY] [DLA 2525-1] wavpack security update
- FEDORA-2021-5c83efb61c
- FEDORA-2021-2e2fc2eac6
- FEDORA-2021-de45e7bb88
- FEDORA-2021-b7826fcedf