Debian Security Advisory

DSA-4125-1 wavpack -- security update

Date Reported:
27 Feb 2018
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 889274, Bug 889276, Bug 889559.
In Mitre's CVE dictionary: CVE-2018-6767, CVE-2018-7253, CVE-2018-7254.
More information:

Joonun Jang discovered several problems in wavpack, an audio compression format suite. Incorrect processing of input resulted in several heap- and stack-based buffer overflows, leading to application crash or potential code execution.

For the stable distribution (stretch), these problems have been fixed in version 5.0.0-2+deb9u1.

We recommend that you upgrade your wavpack packages.

For the detailed security status of wavpack please refer to its security tracker page at: