The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows an attacker to cause a denial-of-service due to a global buffer over-read via a maliciously crafted CAF file.

Upstream bug: https://github.com/dbry/WavPack/issues/26
Upstream patch: https://github.com/dbry/WavPack/commit/8e3fe45a7bac31d9a3b558ae0079e2d92a04799e
Created mingw-wavpack tracking bugs for this issue:
Affects: epel-7 [bug 1547737]
Affects: fedora-all [bug 1547736]

Created wavpack tracking bugs for this issue:
Affects: fedora-all [bug 1547738]
https://src.fedoraproject.org/rpms/wavpack/c/be8d9f333fca9df19894a907d33aded11cb16cbc?branch=master