WavPack is vulnerable to integer overflow. The vulnerability exist because of an out-of-bounds write in WavpackPackSamples in pack_utils.c.
github.com/dbry/WavPack/issues/91
lists.debian.org/debian-lts-announce/2021/01/msg00013.html
lists.fedoraproject.org/archives/list/[email protected]/message/2YZLKYE66EU4XRHTABV5LB2G7ZDZ422F/
lists.fedoraproject.org/archives/list/[email protected]/message/76B7K6F74FDQATG7FECXR5KPIG52O2VL/
lists.fedoraproject.org/archives/list/[email protected]/message/PENN4ZXRPZULEJOYTTLUZMBZ5H46QTUC/
lists.fedoraproject.org/archives/list/[email protected]/message/VDFY4NGGDUTLVID5PNVU7LL2G2ZJLZFY/
security-tracker.debian.org/tracker/CVE-2020-35738