Description
A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation (4 * block_samples * channels) in gst_wavpack_dec_handle_frame() causes a very small heap allocation. The WavPack library then writes decoded audio samples far beyond the allocated buffer, resulting in heap memory corruption. This affects both 32-bit and 64-bit systems since the arithmetic is performed in 32-bit integers before promotion to the allocation size type. A remote attacker could use this flaw to crash an application or potentially execute arbitrary code by convincing a user to open a malicious WavPack audio file.
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
|
 debian 13 | | =1.26.10-1 || =1.26.2-1 || =1.26.2-1+deb13u1 || =1.26.3-1 || =1.26.4-1 || =1.26.5-1 || =1.26.5-2 || =1.26.5-2+hurd.1 || =1.26.5-3 || =1.26.6-1 || =1.26.7-1 || =1.26.8-1 || =1.26.9-1 || =1.27.1-1 || =1.27.2-1 || =1.27.50-1 || =1.27.50-2 || =1.27.90-1 || =1.28.0-1 || =1.28.1-1 || =1.28.2-1 || =1.28.2-2 || =1.28.2-3 || =1.28.2-4 || =1.28.3-1 || =1.28.4-1 || =1.29.1-1 | - |
 rpm rhel10 | | - | - |
rpm rhel7 | | - | - |
debian 14 | | =1.26.10-1 || =1.26.2-1 || =1.26.3-1 || =1.26.4-1 || =1.26.5-1 || =1.26.5-2 || =1.26.5-2+hurd.1 || =1.26.5-3 || =1.26.6-1 || =1.26.7-1 || =1.26.8-1 || =1.26.9-1 || =1.27.1-1 || =1.27.2-1 || =1.27.50-1 || =1.27.50-2 || =1.27.90-1 || =1.28.0-1 || =1.28.1-1 || =1.28.2-1 || =1.28.2-2 || =1.28.2-3 || =1.28.2-4 || =1.28.3-1 || >=0 <1.28.4-1 | 1.28.4-1 |
rpm rhel8 | | - | - |
debian 11 | | =1.18.4-2 || =1.18.4-2+deb11u1 || =1.18.4-2+deb11u2 || =1.18.4-2+deb11u3 || =1.18.4-2+deb11u4 || =1.18.5-1 || =1.18.5-1+hurd.1 || =1.18.5-2 || =1.19.90-1 || =1.20.0-1 || =1.20.0-2 || =1.20.1-1 || =1.20.2-1 || =1.20.3-1 || =1.20.5-1 || =1.20.5-2 || =1.22.0-1 || =1.22.0-2 || =1.22.0-3 || =1.22.0-4 || =1.22.0-5 || =1.22.1-1 || =1.22.10-1 || =1.22.3-1 || =1.22.3-2 || =1.22.4-1 || =1.22.5-1 || =1.22.6-1 || =1.22.7-1 || =1.22.8-1 || =1.22.8-2 || =1.22.8-3 || =1.22.9-1 || =1.23.1-1 || =1.23.2-1 || =1.23.90-1 || =1.24.0-1 || =1.24.1-1 || =1.24.1-2 || =1.24.10-1 || =1.24.11-1 || =1.24.11-2 || =1.24.11-3 || =1.24.11-4 || =1.24.11-5 || =1.24.12-1 || =1.24.2-1 || =1.24.3-1 || =1.24.4-1 || =1.24.5-1 || =1.24.6-1 || =1.24.7-1 || =1.24.8-1 || =1.24.9-1 || =1.25.1-1 || =1.25.1-2 || =1.25.1-3 || =1.25.50-1 || =1.25.90-1 || =1.25.90-2 || =1.26.0-1 || =1.26.1-1 || =1.26.10-1 || =1.26.2-1 || =1.26.3-1 || =1.26.4-1 || =1.26.5-1 || =1.26.5-2 || =1.26.5-2+hurd.1 || =1.26.5-3 || =1.26.6-1 || =1.26.7-1 || =1.26.8-1 || =1.26.9-1 || =1.27.1-1 || =1.27.2-1 || =1.27.50-1 || =1.27.50-2 || =1.27.90-1 || =1.28.0-1 || =1.28.1-1 || =1.28.2-1 || =1.28.2-2 || =1.28.2-3 || =1.28.2-4 || =1.28.3-1 || =1.28.4-1 || =1.29.1-1 | - |
debian 12 | | =1.22.0-5 || =1.22.0-5+deb12u1 || =1.22.0-5+deb12u2 || =1.22.0-5+deb12u3 || =1.22.1-1 || =1.22.10-1 || =1.22.3-1 || =1.22.3-2 || =1.22.4-1 || =1.22.5-1 || =1.22.6-1 || =1.22.7-1 || =1.22.8-1 || =1.22.8-2 || =1.22.8-3 || =1.22.9-1 || =1.23.1-1 || =1.23.2-1 || =1.23.90-1 || =1.24.0-1 || =1.24.1-1 || =1.24.1-2 || =1.24.10-1 || =1.24.11-1 || =1.24.11-2 || =1.24.11-3 || =1.24.11-4 || =1.24.11-5 || =1.24.12-1 || =1.24.2-1 || =1.24.3-1 || =1.24.4-1 || =1.24.5-1 || =1.24.6-1 || =1.24.7-1 || =1.24.8-1 || =1.24.9-1 || =1.25.1-1 || =1.25.1-2 || =1.25.1-3 || =1.25.50-1 || =1.25.90-1 || =1.25.90-2 || =1.26.0-1 || =1.26.1-1 || =1.26.10-1 || =1.26.2-1 || =1.26.3-1 || =1.26.4-1 || =1.26.5-1 || =1.26.5-2 || =1.26.5-2+hurd.1 || =1.26.5-3 || =1.26.6-1 || =1.26.7-1 || =1.26.8-1 || =1.26.9-1 || =1.27.1-1 || =1.27.2-1 || =1.27.50-1 || =1.27.50-2 || =1.27.90-1 || =1.28.0-1 || =1.28.1-1 || =1.28.2-1 || =1.28.2-2 || =1.28.2-3 || =1.28.2-4 || =1.28.3-1 || =1.28.4-1 || =1.29.1-1 | - |
rpm rhel9 | | - | - |
