Thanks for the heads up! Fortunately this doesn't affect libwavpack (only the command-line program) and it can only cause a crash (no code execution). So the only possible security issue would be a denial-of-service for a website that uses the WavPack command-line program on user-provided files. And the only site I know about that did that stopped supporting WavPack a long time ago.
Hi,
I have found a heap out-of-bounds read bug in function WavpackPackSamples, based on commit a0ba858. The code that caused the crash is shown below:
source:src/pack_utils.c+632
Variable cnt is too large, which makes pointer sptr read beyond the heap bound.
Crash file:
crash.zip