WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" releases through 5.3.2, which are also affected.
Created mingw-wavpack tracking bugs for this issue:
Affects: fedora-all [bug 1911326]
Created wavpack tracking bugs for this issue:
Affects: fedora-all [bug 1911325]
An attacker who is able to provide a crafted input file to be processed by the wavpack audio compressor (e.g. by social engineering a user into compressing a malicious file) could trigger an unsigned integer wrap in the size computed for a call to malloc(). The allocation then succeeds with a buffer far smaller than the data that is subsequently written into it, resulting in a heap out-of-bounds write. The highest impact of the flaw would be to application availability or data integrity.
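The allocation-size pattern described above, as an added illustration in C: it models a malloc() size derived from an attacker-controlled 32-bit sample count that wraps when multiplied, beside an overflow-checked replacement. This is example code, not WavPack's pack_utils.c code or the upstream fix; the sample count, channel count, per-sample width and the max_bytes cap are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Illustrative model of the bug class from the advisory (not WavPack's code).
   The header-supplied sample count is multiplied by the channel count and the
   per-sample width; done in 32-bit arithmetic the product can wrap to a small
   value, malloc() succeeds, and the fill loop writes past the block. */

/* Byte count as a 32-bit computation produces it: the product may wrap. */
uint32_t wrapped_buffer_bytes(uint32_t sample_count, uint32_t num_channels)
{
    return sample_count * num_channels * (uint32_t)sizeof(int32_t);
}

/* Byte count the consumer actually writes, computed without truncation. */
uint64_t needed_buffer_bytes(uint32_t sample_count, uint32_t num_channels)
{
    return (uint64_t)sample_count * num_channels * sizeof(int32_t);
}

/* Hardened sizing: each multiplication is checked before it is performed,
   and the result is bounded by max_bytes (an assumed application limit).
   Returns the byte count, or 0 if the request is empty, overflows, or is
   larger than the cap. */
size_t checked_buffer_bytes(uint32_t sample_count, uint32_t num_channels,
                            size_t max_bytes)
{
    if (sample_count == 0 || num_channels == 0)
        return 0;
    if (sample_count > SIZE_MAX / num_channels)
        return 0;                       /* samples * channels would overflow */
    size_t n = (size_t)sample_count * num_channels;
    if (n > SIZE_MAX / sizeof(int32_t))
        return 0;                       /* * element width would overflow */
    n *= sizeof(int32_t);
    if (n > max_bytes)
        return 0;                       /* sound, but beyond what we accept */
    return n;
}

/* Allocates the sample buffer only when the size is sound; NULL otherwise. */
int32_t *alloc_sample_buffer(uint32_t sample_count, uint32_t num_channels,
                             size_t max_bytes)
{
    size_t n = checked_buffer_bytes(sample_count, num_channels, max_bytes);
    if (n == 0)
        return NULL;
    return malloc(n);                   /* caller must still check for NULL */
}

int main(void)
{
    /* Constructed attacker-chosen header values: 0x40000001 samples, 4 channels.
       0x40000001 * 4 wraps to 4 in 32 bits, so the 32-bit size is just 16 bytes. */
    uint32_t samples = 0x40000001u, channels = 4;
    printf("32-bit size: %u bytes, actually needed: %llu bytes\n",
           wrapped_buffer_bytes(samples, channels),
           (unsigned long long)needed_buffer_bytes(samples, channels));
    int32_t *buf = alloc_sample_buffer(samples, channels, (size_t)1 << 30);
    printf("hardened allocation: %s\n", buf ? "accepted" : "rejected");
    free(buf);
    return 0;
}
```

The point of the hardened version is that the check happens on the operands before the multiplication, so it catches the wrap regardless of whether size_t is 32 or 64 bits; the cap is a separate, application-level decision about how much a single pack request may legitimately consume.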
If using the wavpack utility, this flaw can be mitigated by not running the program on untrusted input files or files from untrusted sources.
Upstream commit: https://github.com/dbry/WavPack/commit/89df160596132e3bd666322e1c20b2ebd4b92cd0