Security Information / 2018 / Security Information -- DSA-4125-1 wavpack

Debian Security Advisory

DSA-4125-1 wavpack -- security update

Date Reported:

27 Feb 2018

Affected Packages:

wavpack

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 889274, Bug 889276, Bug 889559.
In Mitre's CVE dictionary: CVE-2018-6767, CVE-2018-7253, CVE-2018-7254.

More information:

Joonun Jang discovered several problems in wavpack, an audio compression format suite. Incorrect processing of input resulted in several heap- and stack-based buffer overflows, leading to application crash or potential code execution.

For the stable distribution (stretch), these problems have been fixed in version 5.0.0-2+deb9u1.

We recommend that you upgrade your wavpack packages.

For the detailed security status of wavpack please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wavpack