Package details: pkg:deb/debian/wavpack@5.4.0-1
purl pkg:deb/debian/wavpack@5.4.0-1
Next non-vulnerable version 5.6.0-1
Latest non-vulnerable version 5.6.0-1
Risk 1.6
Vulnerabilities affecting this package (2)
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-633b-86de-nbgr (Aliases: CVE-2021-44269) | An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV files. This issue is triggered in function WavpackPackSamples of file src/pack_utils.c: the tainted variable cnt is too large, which makes pointer sptr read beyond the heap bound. | 5.6.0-1 (Affected by 0 other vulnerabilities.) |
| VCID-ffzt-cz3e-bygu (Aliases: CVE-2022-2476) | wavpack: null pointer dereference in main() in cli/wvunpack.c | 5.6.0-1 (Affected by 0 other vulnerabilities.) |
Vulnerabilities fixed by this package (3)
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-f1v5-pd99-y3eb | WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b. | CVE-2019-1010317 |
| VCID-ss5j-h9wy-zbac | WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe. | CVE-2019-1010319 |
| VCID-tjgn-by8a-3ucv | WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" releases through 5.3.2, which are also affected. | CVE-2020-35738 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-06T01:07:22.438849+00:00 | Debian Oval Importer | Fixing | VCID-tjgn-by8a-3ucv | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.6.0 |
| 2026-06-06T01:02:12.493329+00:00 | Debian Oval Importer | Fixing | VCID-ss5j-h9wy-zbac | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.6.0 |
| 2026-06-06T00:48:03.309655+00:00 | Debian Oval Importer | Fixing | VCID-f1v5-pd99-y3eb | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.6.0 |
| 2026-06-05T19:52:43.610282+00:00 | Debian Importer | Affected by | VCID-633b-86de-nbgr | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |
| 2026-06-05T19:12:07.042059+00:00 | Debian Importer | Affected by | VCID-ffzt-cz3e-bygu | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |