WavPack is vulnerable to out-of-bounds reads. The vulnerability exists in the WavpackPackSamples function in src/pack_utils.c. An attacker can create a malformed WAV file with a high sample rate that causes a heap out-of-bounds error, crashing the program.
github.com/dbry/WavPack/commit/773f9d0803c6888ae7d5391878d7337f24216f4a
github.com/dbry/WavPack/issues/110
lists.fedoraproject.org/archives/list/[email protected]/message/2CZUFTX3J4Y4OSRITG4PXCI7NRVFDYVQ/
lists.fedoraproject.org/archives/list/[email protected]/message/A5B7L26LA6KGX7YH6SWD5CSBNWKV5MBO/
lists.fedoraproject.org/archives/list/[email protected]/message/CRZWZKEEABCLVXZEXQZBIT3ZKLIXVFF5/
lists.fedoraproject.org/archives/list/[email protected]/message/I54NXQZELBF42OL4KQZJJRAYZX7IPZXP/
lists.fedoraproject.org/archives/list/[email protected]/message/SQKOOJRI2VAPYS3652HVDXON723HTXBP/
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/v3.16/community.yaml