A vulnerability was found in wavpack. There is a heap out of bounds read in unreorder_channels / wvunpack.c. A maliciously crafted file could cause the application to crash. Upstream bug: https://sourceforge.net/p/wavpack/mailman/message/35561939/ Upstream patch: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc References: http://seclists.org/oss-sec/2017/q1/221
Created mingw-wavpack tracking bugs for this issue: Affects: epel-7 [bug 1417860] Affects: fedora-all [bug 1417863] Created wavpack tracking bugs for this issue: Affects: epel-5 [bug 1417862] Affects: fedora-all [bug 1417861]