CVE-2021-44269
First published: Thu Mar 10 2022(Updated: )
An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV files. This issue triggered in function WavpackPackSamples of file src/pack_utils.c, tainted variable cnt is too large, that makes pointer sptr read beyond heap bound.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wavpack | =5.4.0 | |
| Fedora | =34 | |
| Fedora | =35 | |
| Fedora | =36 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/dbry/WavPack/issues/110
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2CZUFTX3J4Y4OSRITG4PXCI7NRVFDYVQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5B7L26LA6KGX7YH6SWD5CSBNWKV5MBO/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CRZWZKEEABCLVXZEXQZBIT3ZKLIXVFF5/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I54NXQZELBF42OL4KQZJJRAYZX7IPZXP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQKOOJRI2VAPYS3652HVDXON723HTXBP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRZWZKEEABCLVXZEXQZBIT3ZKLIXVFF5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2CZUFTX3J4Y4OSRITG4PXCI7NRVFDYVQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQKOOJRI2VAPYS3652HVDXON723HTXBP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5B7L26LA6KGX7YH6SWD5CSBNWKV5MBO/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I54NXQZELBF42OL4KQZJJRAYZX7IPZXP/
Frequently Asked Questions
What is the severity of CVE-2021-44269?
The severity of CVE-2021-44269 is classified as medium due to the potential for exploitation causing out of bounds read conditions.
How do I fix CVE-2021-44269?
To fix CVE-2021-44269, it is recommended to upgrade Wavpack to version 5.4.1 or later where the issue has been addressed.
Which versions of Wavpack are affected by CVE-2021-44269?
CVE-2021-44269 affects Wavpack version 5.4.0.
What type of vulnerability is CVE-2021-44269?
CVE-2021-44269 is an out of bounds read vulnerability in Wavpack when processing certain WAV files.
Which operating systems are impacted by CVE-2021-44269?
CVE-2021-44269 impacts Fedora versions 34, 35, and 36 when running the affected Wavpack version.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/wavpack
- canonical/wavpack
- version/wavpack/5.4.0
- vendor/fedoraproject
- canonical/fedora
- version/fedora/34
- version/fedora/35
- version/fedora/36