CVE-2021-44269

Published: 10 March 2022

An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV files. This issue triggered in function WavpackPackSamples of file src/pack_utils.c, tainted variable cnt is too large, that makes pointer sptr read beyond heap bound.

Priority

CVSS 3 base score: 5.5

Status

Package	Release	Status
wavpack Launchpad, Ubuntu, Debian	bionic	Needed
	focal	Needed
	impish	Ignored (reached end-of-life)
	jammy	Needed
	kinetic	Needed
	upstream	Pending (5.5.0)
	xenial	Not vulnerable (code not present)
	Patches: upstream: https://github.com/dbry/WavPack/commit/773f9d0803c6888ae7d5391878d7337f24216f4a

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44269
https://github.com/dbry/WavPack/issues/110
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Security

CVE-2021-44269

Negligible

Status

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading