{"schema_version":"1.7.2","id":"OESA-2021-1131","modified":"2021-04-07T11:02:47Z","published":"2021-04-07T11:02:47Z","upstream":["CVE-2020-35738"],"summary":"wavpack security update","details":"WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. For version 5.0.0, several new file formats and lossless DSD audio compression were added, making WavPack a universal audio archiving solution.\r\n\r\nSecurity Fix(es):\r\n\r\nWavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later \"unofficial\" releases through 5.3.2, which are also affected. (CVE-2020-35738)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS","name":"wavpack","purl":"pkg:rpm/openEuler/wavpack\u0026distro=openEuler-20.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.0-2.oe1"}]}],"ecosystem_specific":{"aarch64":["wavpack-debuginfo-5.3.0-2.oe1.aarch64.rpm","wavpack-devel-5.3.0-2.oe1.aarch64.rpm","wavpack-5.3.0-2.oe1.aarch64.rpm","wavpack-debugsource-5.3.0-2.oe1.aarch64.rpm","wavpack-devel-5.3.0-2.oe1.aarch64.rpm","wavpack-debugsource-5.3.0-2.oe1.aarch64.rpm","wavpack-debuginfo-5.3.0-2.oe1.aarch64.rpm","wavpack-5.3.0-2.oe1.aarch64.rpm"],"noarch":["wavpack-help-5.3.0-2.oe1.noarch.rpm","wavpack-help-5.3.0-2.oe1.noarch.rpm"],"src":["wavpack-5.3.0-2.oe1.src.rpm","wavpack-5.3.0-2.oe1.src.rpm"],"x86_64":["wavpack-5.3.0-2.oe1.x86_64.rpm","wavpack-devel-5.3.0-2.oe1.x86_64.rpm","wavpack-debugsource-5.3.0-2.oe1.x86_64.rpm","wavpack-debuginfo-5.3.0-2.oe1.x86_64.rpm","wavpack-debugsource-5.3.0-2.oe1.x86_64.rpm","wavpack-devel-5.3.0-2.oe1.x86_64.rpm","wavpack-5.3.0-2.oe1.x86_64.rpm","wavpack-debuginfo-5.3.0-2.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"wavpack","purl":"pkg:rpm/openEuler/wavpack\u0026distro=openEuler-20.03-LTS-SP1
"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.0-2.oe1"}]}],"ecosystem_specific":{"aarch64":["wavpack-devel-5.3.0-2.oe1.aarch64.rpm","wavpack-debugsource-5.3.0-2.oe1.aarch64.rpm","wavpack-debuginfo-5.3.0-2.oe1.aarch64.rpm","wavpack-5.3.0-2.oe1.aarch64.rpm"],"noarch":["wavpack-help-5.3.0-2.oe1.noarch.rpm"],"src":["wavpack-5.3.0-2.oe1.src.rpm"],"x86_64":["wavpack-debugsource-5.3.0-2.oe1.x86_64.rpm","wavpack-devel-5.3.0-2.oe1.x86_64.rpm","wavpack-5.3.0-2.oe1.x86_64.rpm","wavpack-debuginfo-5.3.0-2.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1131"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35738"}],"database_specific":{"severity":"Medium"}}