Lucene search

GoogleOSV:CVE-2021-44269

HistoryMar 10, 2022 - 5:44 p.m.

CVE-2021-44269

2022-03-1017:44:14

Google

osv.dev

wavpack 5.4.0

out of bounds read

wavpackpacksamples

*.wav files

heap bound

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

49.0%

JSON

An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV files. This issue triggered in function WavpackPackSamples of file src/pack_utils.c, tainted variable cnt is too large, that makes pointer sptr read beyond heap bound.

References

github.com/dbry/WavPack/issues/110

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2CZUFTX3J4Y4OSRITG4PXCI7NRVFDYVQ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5B7L26LA6KGX7YH6SWD5CSBNWKV5MBO/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRZWZKEEABCLVXZEXQZBIT3ZKLIXVFF5/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I54NXQZELBF42OL4KQZJJRAYZX7IPZXP/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQKOOJRI2VAPYS3652HVDXON723HTXBP/