{"schema_version":"1.7.2","id":"OESA-2024-2515","modified":"2024-12-06T15:23:58Z","published":"2024-12-06T15:23:58Z","upstream":["CVE-2022-2476"],"summary":"wavpack security update","details":"WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. For version 5.0.0, several new file formats and lossless DSD audio compression were added, making WavPack a universal audio archiving solution.\r\n\r\nSecurity Fix(es):\r\n\r\nA null pointer dereference bug was found in wavpack-5.4.0 The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ===================================================================84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x561b47a970c6 bp 0x7fff13952fb0 sp 0x7fff1394fca0 T0) ==84257==The signal is caused by a WRITE memory access. ==84257==Hint: address points to the zero page. #0 0x561b47a970c5 in main cli/wvunpack.c:834 #1 0x7efc4f5c0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) #2 0x561b47a945ed in _start (/usr/local/bin/wvunpack+0xa5ed) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV cli/wvunpack.c:834 in main ==84257==ABORTING(CVE-2022-2476)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP1","name":"wavpack","purl":"pkg:rpm/openEuler/wavpack\u0026distro=openEuler-22.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.0-3.oe2203sp1"}]}],"ecosystem_specific":{"aarch64":["wavpack-5.3.0-3.oe2203sp1.aarch64.rpm","wavpack-debuginfo-5.3.0-3.oe2203sp1.aarch64.rpm","wavpack-debugsource-5.3.0-3.oe2203sp1.aarch64.rpm","wavpack-devel-5.3.0-3.oe2203sp1.aarch64.rpm"],"noarch":["wavpack-help-5.3.0-3.oe2203sp1.noarch.rpm"],"src":["wavpack-5.3.0-3.oe2203sp1.src.rpm"],"x86_64":["wavpack-5.3.0-3.oe2203sp1.x86_64.rpm","wavpack-debuginfo-5.3.0-3.oe2203sp1.x86_64.rpm","wavpack-debugsource-5.3.0-3.oe2203sp1.x86_64.rpm","wavpack-devel-5.3.0-3.oe2203sp1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2515"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2476"}],"database_specific":{"severity":"Medium"}}