CVE-2021-44269

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Wavpack version 5.4.0

Description An out of bounds read issue was discovered in the processing of *.WAV files. This issue is triggered in the WavpackPackSamples function of the file src/pack utils.c, where the tainted variable cnt is too large, causing the pointer sptr to read beyond the heap bound.

Recommendations For Wavpack version 5.4.0, consider restricting the use of the WavpackPackSamples function until a patch is available. As a temporary workaround, ensure that the cnt variable is properly validated to prevent it from exceeding the expected bounds, thus preventing the out of bounds read. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2022:7558

ALSA-2022:8139

ALT-PU-2022-3448

ALT-PU-2023-1186

AZL-8977

BDU:2025-16162

CESA-2022_7558

CVE-2021-44269

INFSA-2022_8139

MGASA-2022-0125

OPENSUSE-SU-2022:0954-1

OPENSUSE-SU-2022_0954-1

OPENSUSE-SU-2024:11938-1

RHSA-2022:7558

RHSA-2022:8139

RHSA-2022_7558

RHSA-2022_8139

RLSA-2022:7558

RLSA-2022:8139

SUSE-SU-2022:0954-1

SUSE-SU-2022_0954-1

Affected Products

Alt Linux

Almalinux

Centos

Debian

Red Hat

Rocky Linux

Suse

Wavpack

CVE-2021-44269

Weakness Enumeration

Related Identifiers

Affected Products

References · 41