Debian Security Advisory
DSA-4125-1 wavpack -- security update
- Date Reported:
- 27 Feb 2018
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 889274, Bug 889276, Bug 889559.
In Mitre's CVE dictionary: CVE-2018-6767, CVE-2018-7253, CVE-2018-7254.
- More information:
Joonun Jang discovered several problems in wavpack, an audio compression format suite. Incorrect processing of input resulted in several heap- and stack-based buffer overflows, leading to application crash or potential code execution.
For the stable distribution (stretch), these problems have been fixed in version 5.0.0-2+deb9u1.
We recommend that you upgrade your wavpack packages.
For the detailed security status of wavpack please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wavpack