WavPack 5.1 and earlier in component ParseDsdiffHeaderConfig (dsdiff.c:282) has a Divide by Zero, leading to sudden crash of a software/service that tries to parse a maliciously crafted .wav file.
Created mingw-wavpack tracking bugs for this issue:
Affects: epel-7 [bug 1729421]
Affects: fedora-all [bug 1729420]
Created wavpack tracking bugs for this issue:
Affects: fedora-all [bug 1729419]
This issue affects WackPack version as shipped with Red Hat Enterprise Linux 8 and was classified with 'Low' security impact by Red Hat Product Security team.
Red Hat Enterprise Linux 6 and 7 are not affected as WavPack shipped with both system versions doesn't provide support for DSD files.
When parsing the dsdiff header the wavpack application tries to extract the number of channels the input file has, however this value is not validated before being used. This error can be exploited by crafting a special input file as the channel count will be used later causing a 'division by zero' error leading to DoS. It's a low impact security issue as requires user interaction and only the single run of wavpack will be affected.
Fedora package is fixed , nothing that I can do here
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2020:1581 https://access.redhat.com/errata/RHSA-2020:1581
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):