Headline
CVE-2021-44269: A heap Out-of-bounds Read in WavpackPackSamples (src/pack_utils.c) · Issue #110 · dbry/WavPack
An out-of-bounds read was found in WavPack 5.4.0 when processing *.WAV files. The issue is triggered in function WavpackPackSamples of file src/pack_utils.c: the tainted variable cnt is too large, which makes pointer sptr read beyond the heap bound.
Hi,
I have found a heap out-of-bounds read bug in function WavpackPackSamples, based on the commit a0ba858; the code that caused the crash is shown below:
source:src/pack_utils.c+632
  628     if (wps->wphdr.flags & MONO_FLAG) {
  629         switch (wpc->config.bytes_per_sample) {
  630             case 1:
  631                 while (cnt--) {
→ 632                     *dptr++ = (signed char) *sptr;
  633                     sptr += nch;
  634                 }
  635
  636                 break;
Variable cnt is too large, which makes pointer sptr read beyond the heap bound.
Crash file:
crash.zip
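A bounds check for the loop shape shown in the report, as an added example that is not part of the original issue, of WavPack's code, or of its fix. The function name, its parameters and the int32_t element type are assumptions, and the sample buffer is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not WavPack code). Copies `cnt` mono 8-bit samples
 * from an interleaved buffer of `src_len` int32_t elements, stepping `nch`
 * elements per sample, into `dst` (capacity `dst_len` elements).
 * Returns 0 on success, -1 if the request would leave either buffer. */
int copy_mono_8bit_checked(int32_t *dst, size_t dst_len,
                           const int32_t *src, size_t src_len,
                           size_t nch, size_t cnt)
{
    if (dst == NULL || src == NULL || nch == 0)
        return -1;
    if (cnt == 0)
        return 0;
    if (cnt > dst_len || src_len == 0)
        return -1;
    /* The highest index read is (cnt - 1) * nch and must be < src_len.
     * Comparing against a quotient avoids overflow in cnt * nch. */
    if (cnt - 1 > (src_len - 1) / nch)
        return -1;

    /* Indexing keeps every computed address inside the source buffer,
     * unlike the pointer bump (sptr += nch) after the final sample. */
    for (size_t i = 0; i < cnt; i++)
        dst[i] = (signed char) src[i * nch];   /* conversion from line 632 */
    return 0;
}

int main(void)
{
    /* Constructed input: 4 stereo frames, 8 elements in total. */
    int32_t src[8] = {1, 99, -2, 99, 127, 99, -128, 99};
    int32_t dst[8] = {0};

    /* 4 samples at stride 2 read indices 0, 2, 4, 6: accepted. */
    printf("cnt=4: %d\n", copy_mono_8bit_checked(dst, 8, src, 8, 2, 4));
    /* 5 samples would read index 8, one past the buffer: rejected. */
    printf("cnt=5: %d\n", copy_mono_8bit_checked(dst, 8, src, 8, 2, 5));
    return 0;
}
```

The check runs before any sample is copied, so an oversized cnt is rejected without a partial read or write.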
Related news
An update for wavpack is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-44269: wavpack: Heap out-of-bounds read in WavpackPackSamples()
An update for wavpack is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-44269: wavpack: Heap out-of-bounds read in WavpackPackSamples()