Published: 19 February 2018
The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.
DSDIFF support was added in 5.* version, so neither xenial or trust is affected since code is not present.
CVSS 3 base score: 7.8