A flaw was found in wavpack 5.1.0-2. Running 'wavpack -y poc.wav' with a maliciously crafted file could cause the application to crash, which may allow an attacker to perform a denial-of-service attack. Upstream bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889276 https://github.com/dbry/WavPack/issues/27 Upstream patch: https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5
Created mingw-wavpack tracking bugs for this issue: Affects: epel-7 [bug 1542551] Created wavpack tracking bugs for this issue: Affects: fedora-all [bug 1542552]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-6767