UbuntuUpdates.org

Package "wavpack"

Name: wavpack

Description: audio codec (lossy and lossless) - encoder and decoder

Latest version: 5.1.0-2ubuntu1.5
Release: bionic (18.04)
Level: updates
Repository: universe
Homepage: http://www.wavpack.com

Other versions of "wavpack" in Bionic

Repository  Area      Version
base        main      5.1.0-2ubuntu1
base        universe  5.1.0-2ubuntu1
security    main      5.1.0-2ubuntu1.5
security    universe  5.1.0-2ubuntu1.5
updates     main      5.1.0-2ubuntu1.5

Changelog

Version: 5.1.0-2ubuntu1.5 2021-01-06 16:06:19 UTC

  wavpack (5.1.0-2ubuntu1.5) bionic-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds write
    - debian/patches/CVE-2020-35738.patch: checks bounds
      in order to avoid/fix integer overflows resulting in buffer
      overruns in src/pack_utils.c.
    - CVE-2020-35738

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 05 Jan 2021 10:32:02 -0300

CVE-2020-35738 WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-

Version: 5.1.0-2ubuntu1.4 2019-07-16 19:07:16 UTC

  wavpack (5.1.0-2ubuntu1.4) bionic-security; urgency=medium

  * debian/0009-issue-41-make-sure-DFF-does-not*.patch: make sure
    DFF chunk does not have negative length.
  * debian/patches/0010-issue-43-catch-zero*.patch: catch zero
    channel count in DSF and DSDIFF files.
  * SECURITY UPDATE: Crash due to a divide by zero
    - debian/patches/CVE-2019-1010315.patch: make sure DSDIFF files
      have a valid channel count in cli/dsdiff.c.
    - CVE-2019-1010315
  * SECURITY UPDATE: Crashes and segfaults
    - debian/patches/CVE-2019-1010317.patch: make sure CAF files
      have a "desc" chunk in cli/caff.c.
    - CVE-2019-1010317
  * SECURITY UPDATE: Crashes and segfaults
    - debian/patches/CVE-2019-1010318.patch: make sure sample rate is
      specified and non-zero in DFF files in cli/dsdiff.c.
    - CVE-2019-1010318
  * SECURITY UPDATE: Crashes and segfaults
    - debian/patches/CVE-2019-1010319.patch: clear WaveHeader at start
      to prevent uninitialized read in cli/wave64.c.
    - CVE-2019-1010319

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 16 Jul 2019 09:04:50 -0300

CVE-2019-1010315 WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tr
CVE-2019-1010317 WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The
CVE-2019-1010318 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-11498. Reason: This candidate is a reservation duplicate of CVE-2019-11498. Notes
CVE-2019-1010319 WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The

Version: 5.1.0-2ubuntu1.3 2019-04-30 14:06:30 UTC

  wavpack (5.1.0-2ubuntu1.3) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-11498.patch: make sure sample rate variable
      is specified and non-zero in DFF files in cli/dsdiff.c.
    - CVE-2019-11498

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 29 Apr 2019 11:43:20 -0300

CVE-2019-11498 WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" co

Version: 5.1.0-2ubuntu1.2 2018-12-06 15:07:11 UTC

  wavpack (5.1.0-2ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-19840.patch: checking
      if sample_rate is not zero in src/pack_utils.c.
    - CVE-2018-19840
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-19841.patch: fix in
      src/open_utils.c.

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 06 Dec 2018 08:47:38 -0300

CVE-2018-19840 The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaust
CVE-2018-19841 The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-

Version: 5.1.0-2ubuntu1.1 2018-04-30 21:07:00 UTC

  wavpack (5.1.0-2ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Writing to memory vulnerability in wav64 and riff
    - debian/patches/CVE-2018-10536-and-10537.patch: fixing in cli/riff.c,
      cli/wave64.c.
    - CVE-2018-10536
    - CVE-2018-10537
  * SECURITY UPDATE: Out-of-bounds writes in riff, DSDiff and W64
    - debian/patches/CVE-2018-10538-and-10539-and-10540.patch: sanitize
      size of unknown chunks before malloc in cli/dsdiff.c, cli/riff.c,
      cli/wave64.c.
    - CVE-2018-10538
    - CVE-2018-10539
    - CVE-2018-10540

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 30 Apr 2018 15:53:18 -0300

CVE-2018-10536 An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser ...
CVE-2018-10537 An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser ...
CVE-2018-10538 An issue was discovered in WavPack 5.1.0 and earlier for WAV input. ...
CVE-2018-10539 An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. ...
CVE-2018-10540 An issue was discovered in WavPack 5.1.0 and earlier for W64 input. ...


