
CVE-2022-2476 – Ubuntu Security Notice USN-5721-1
https://notcve.org/view.php?id=CVE-2022-2476
19 Jul 2022 — A null pointer dereference bug was found in wavpack-5.4.0. The results from the ASAN log:
    AddressSanitizer:DEADLYSIGNAL
    =================================================================
    ==84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x561b47a970c6 bp 0x7fff13952fb0 sp 0x7fff1394fca0 T0)
    ==84257==The signal is caused by a WRITE memory access.
    ==84257==Hint: address points to the zero page.
    #0 0x561b47a970c5 in main cli/wvunpack.c:834
    #1 0x7efc4f5c0082 in __libc_start_main (/lib/x8...
• https://github.com/dbry/WavPack/issues/121 • CWE-476: NULL Pointer Dereference •

CVE-2021-44269 – wavpack: Heap out-of-bounds read in WavpackPackSamples()
https://notcve.org/view.php?id=CVE-2021-44269
10 Mar 2022 — An out-of-bounds read was found in Wavpack 5.4.0 when processing *.WAV files. The issue is triggered in the function WavpackPackSamples of src/pack_utils.c: the tainted variable cnt is too large, which makes the pointer sptr read beyond the heap bound. • https://github.com/dbry/WavPack/issues/110 • CWE-125: Out-of-bounds Read •