Libarchive · Libarchive · CVE-2019-11463
**Name of the Vulnerable Software and Affected Versions**
libarchive version 3.3.4-dev
**Description**
A memory leak in the `archive_read_format_zip_cleanup` function in `archive_read_support_format_zip.c` allows remote attackers to cause a denial of service via a crafted ZIP file because of a `HAVE_LZMA_H` typo. This issue only affects users who downloaded the development code from GitHub, while users of the product's official releases are unaffected.
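The bug class described above, shown as an added C example that is not libarchive's code: a cleanup path guarded by a misspelled feature macro compiles out silently, so every archive processed leaves its decoder state allocated. The struct, function names, allocation size and the misspelling `HAVE_LMZA_H` are constructed for illustration.

```c
#include <stdlib.h>

#define HAVE_LZMA_H 1              /* constructed stand-in for the build's config.h */

static int live_allocs = 0;        /* decoder states allocated and not yet freed */

struct zip_state { void *lzma; };  /* hypothetical reader state, not libarchive's struct */

static void zip_open(struct zip_state *z)
{
    z->lzma = NULL;
#if HAVE_LZMA_H
    z->lzma = malloc(64);          /* optional-codec state, only built with LZMA */
    if (z->lzma != NULL)
        live_allocs++;
#endif
}

static void zip_cleanup_fixed(struct zip_state *z)
{
#if HAVE_LZMA_H
    if (z->lzma != NULL) { free(z->lzma); z->lzma = NULL; live_allocs--; }
#endif
}

/* An undefined identifier in #if evaluates to 0, so this guard compiles the
 * release code out with no error. HAVE_LMZA_H is a constructed misspelling. */
static void zip_cleanup_typo(struct zip_state *z)
{
#if HAVE_LMZA_H
    if (z->lzma != NULL) { free(z->lzma); z->lzma = NULL; live_allocs--; }
#endif
    (void)z;
}

/* Process n archives and report how many decoder states were never released. */
int leaked_states(int n, int use_typo)
{
    struct zip_state *all = calloc((size_t)n, sizeof *all);
    if (all == NULL) return -1;
    live_allocs = 0;
    for (int i = 0; i < n; i++) {
        zip_open(&all[i]);
        if (use_typo) zip_cleanup_typo(&all[i]); else zip_cleanup_fixed(&all[i]);
    }
    int leaked = live_allocs;
    for (int i = 0; i < n; i++) free(all[i].lzma);  /* keep the demo itself clean */
    free(all);
    return leaked;
}
```

Building with `-Wundef` (GCC and Clang) reports the undefined macro in the misspelled guard, which makes this kind of typo visible at compile time.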
**Recommendations**
For libarchive version 3.3.4-dev, consider avoiding the use of the `archive_read_format_zip_cleanup` function until a fix is available. As a temporary workaround, restrict the handling of ZIP files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.