CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
EPSS
Percentile
45.4%
Severity: Medium
Date : 2021-01-12
CVE-ID : CVE-2020-35738
Package : wavpack
Type : arbitrary code execution
Remote : No
Link : https://security.archlinux.org/AVG-1387
The package wavpack before version 5.3.0-2 is vulnerable to arbitrary
code execution.
Upgrade to 5.3.0-2.
The problem has been fixed upstream but no release is available yet.
None.
WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in
pack_utils.c because of an integer overflow in a malloc argument.
A local user might execute arbitrary code through a crafted file.
https://bugs.archlinux.org/task/69234
https://github.com/dbry/WavPack/issues/91
https://github.com/dbry/WavPack/files/5745022/crash.wav.tar.gz
https://github.com/dbry/WavPack/commit/63f3ec70129843dd64e11aa4c21c4a1cf00c9f1c
https://github.com/dbry/WavPack/commit/89df160596132e3bd666322e1c20b2ebd4b92cd0
https://security.archlinux.org/CVE-2020-35738
bugs.archlinux.org/task/69234
github.com/dbry/WavPack/commit/63f3ec70129843dd64e11aa4c21c4a1cf00c9f1c
github.com/dbry/WavPack/commit/89df160596132e3bd666322e1c20b2ebd4b92cd0
github.com/dbry/WavPack/files/5745022/crash.wav.tar.gz
github.com/dbry/WavPack/issues/91
security.archlinux.org/AVG-1387
security.archlinux.org/CVE-2020-35738
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
EPSS
Percentile
45.4%