Home

CVE-2021-44269

Description

An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV files. This issue triggered in function WavpackPackSamples of file src/pack_utils.c, tainted variable cnt is too large, that makes pointer sptr read beyond heap bound.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.117

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2022:7558) wavpack security update wavpack-5.1.0-16.el8.i686.rpmLinux
(RHSA-2022:7558) wavpack security update wavpack-5.1.0-16.el8.x86_64.rpmLinux
(RHSA-2022:7558) wavpack security update wavpack-debugsource-5.1.0-16.el8.i686.rpmLinux
(RHSA-2022:7558) wavpack security update wavpack-debugsource-5.1.0-16.el8.x86_64.rpmLinux
(RHSA-2022:8139) wavpack security update wavpack-5.4.0-5.el9.i686.rpmLinux
(RHSA-2022:8139) wavpack security update wavpack-5.4.0-5.el9.x86_64.rpmLinux
(RHSA-2022:8139) wavpack security update wavpack-debugsource-5.4.0-5.el9.i686.rpmLinux
(RHSA-2022:8139) wavpack security update wavpack-debugsource-5.4.0-5.el9.x86_64.rpmLinux
wavpack security update (RLSA-2022:7558) wavpack-5.1.0-16.el8.i686.rpmLinux
wavpack security update (RLSA-2022:7558) wavpack-5.1.0-16.el8.x86_64.rpmLinux
wavpack security update (RLSA-2022:8139) wavpack-5.4.0-5.el9.i686.rpmLinux
wavpack security update (RLSA-2022:8139) wavpack-5.4.0-5.el9.x86_64.rpmLinux
(RHSA-2022:7558)Low: security update wavpack-debuginfo-5.1.0-16.el8.i686.rpmLinux
(RHSA-2022:7558)Low: security update wavpack-debuginfo-5.1.0-16.el8.x86_64.rpmLinux
Wavpack update (ELSA-2022-8139) wavpack-5.4.0-5.el9.i686.rpmLinux
Wavpack update (ELSA-2022-8139) wavpack-5.4.0-5.el9.x86_64.rpmLinux
Low: wavpack security update wavpack-5.1.0-16.el8.i686.rpmLinux
Low: wavpack security update wavpack-5.1.0-16.el8.x86_64.rpmLinux
Low: wavpack security update wavpack-5.4.0-5.el9.i686.rpmLinux
Low: wavpack security update wavpack-5.4.0-5.el9.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234