The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows an attacker to cause a denial-of-service via heap-based buffer over-read. Upstream bug: https://github.com/dbry/WavPack/issues/28 Upstream patch: https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec
Created mingw-wavpack tracking bugs for this issue: Affects: epel-7 [bug 1547721] Affects: fedora-all [bug 1547724] Created wavpack tracking bugs for this issue: Affects: fedora-all [bug 1547723]
https://src.fedoraproject.org/rpms/wavpack/c/be8d9f333fca9df19894a907d33aded11cb16cbc?branch=master