Wavpack · Wavpack · CVE-2021-44269
**Name of the Vulnerable Software and Affected Versions**
Wavpack version 5.4.0
**Description**
An out-of-bounds read was discovered in the processing of `*.WAV` files. The issue is triggered in the `WavpackPackSamples` function in `src/pack_utils.c`, where the tainted variable `cnt` is too large, causing the pointer `sptr` to read beyond the heap bound.
**Recommendations**
For Wavpack version 5.4.0, consider restricting the use of the `WavpackPackSamples` function until a patch is available. As a temporary workaround, ensure that the `cnt` variable is properly validated so that it cannot exceed the expected bounds, which prevents the out-of-bounds read. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
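
One way to apply the validation workaround on the caller's side, as an added example that is not Wavpack's own code or its fix. The function names are hypothetical, and the example assumes the caller passes a buffer of interleaved `int32_t` samples with the count given in frames per channel, derived from untrusted WAV header fields.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical guard (not part of Wavpack): returns 1 only when a buffer of
 * buf_elems int32_t values can hold sample_count frames of num_channels
 * interleaved samples, so a reader walking the buffer stays inside it. */
int pack_request_in_bounds(size_t buf_elems, uint32_t sample_count, int num_channels)
{
    if (num_channels <= 0)
        return 0;
    /* Multiply in 64 bits: both factors are below 2^32, so no wrap-around. */
    uint64_t needed = (uint64_t)sample_count * (uint64_t)num_channels;
    return needed <= (uint64_t)buf_elems;
}

/* Hypothetical helper: derive the frame count from untrusted PCM header
 * fields, returning 0 when the fields contradict each other. */
uint32_t frames_from_header(uint32_t data_bytes, uint16_t channels,
                            uint16_t bits_per_sample, uint16_t block_align)
{
    if (channels == 0 || bits_per_sample == 0 || bits_per_sample > 32)
        return 0;
    uint32_t bytes_per_sample = (bits_per_sample + 7u) / 8u;
    if (block_align != channels * bytes_per_sample)
        return 0;                 /* also rejects block_align == 0 */
    return data_bytes / block_align;
}

int main(void)
{
    /* Constructed values: 16 payload bytes of 16-bit stereo = 4 frames. */
    uint32_t frames = frames_from_header(16, 2, 16, 4);
    int32_t buffer[8];            /* 4 frames * 2 channels */
    size_t elems = sizeof buffer / sizeof buffer[0];

    printf("frames=%u fits=%d\n", (unsigned)frames,
           pack_request_in_bounds(elems, frames, 2));
    /* An oversized count is refused before any packing call is made. */
    printf("oversized fits=%d\n", pack_request_in_bounds(elems, 5, 2));
    return 0;
}
```

Only when the guard returns 1 would the caller go on to hand the buffer and count to `WavpackPackSamples`.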