{"id":"OESA-2021-1131","summary":"wavpack security update","details":"WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. For version 5.0.0, several new file formats and lossless DSD audio compression were added, making WavPack a universal audio archiving solution.\r\n\r\nSecurity Fix(es):\r\n\r\nWavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third parties claim that there are later \"unofficial\" releases through 5.3.2, which are also affected. (CVE-2020-35738)","modified":"2025-09-03T06:17:08.993811Z","published":"2021-04-07T11:02:47Z","upstream":["CVE-2020-35738"],"database_specific":{"severity":"Medium"},"references":[{"type":"ADVISORY","url":"https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1131"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35738"}],"affected":[{"package":{"name":"wavpack","ecosystem":"openEuler:20.03-LTS","purl":"pkg:rpm/openEuler/wavpack&distro=openEuler-20.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.0-2.oe1"}]}],"ecosystem_specific":{"noarch":["wavpack-help-5.3.0-2.oe1.noarch.rpm","wavpack-help-5.3.0-2.oe1.noarch.rpm"],"x86_64":["wavpack-5.3.0-2.oe1.x86_64.rpm","wavpack-devel-5.3.0-2.oe1.x86_64.rpm","wavpack-debugsource-5.3.0-2.oe1.x86_64.rpm","wavpack-debuginfo-5.3.0-2.oe1.x86_64.rpm","wavpack-debugsource-5.3.0-2.oe1.x86_64.rpm","wavpack-devel-5.3.0-2.oe1.x86_64.rpm","wavpack-5.3.0-2.oe1.x86_64.rpm","wavpack-debuginfo-5.3.0-2.oe1.x86_64.rpm"],"aarch64":["wavpack-debuginfo-5.3.0-2.oe1.aarch64.rpm","wavpack-devel-5.3.0-2.oe1.aarch64.rpm","wavpack-5.3.0-2.oe1.aarch64.rpm","wavpack-debugsource-5.3.0-2.oe1.aarch64.rpm","wavpack-devel-5.3.0-2.oe1.aarch64.rpm","wavpack-debugsource-5.3.0-2.oe1.aarch64.rpm","wavpack-debuginfo-5.3.0-2.oe1.aarch64.rpm","wavpack-5.3.0-2.oe1.aarc
h64.rpm"],"src":["wavpack-5.3.0-2.oe1.src.rpm","wavpack-5.3.0-2.oe1.src.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2021-1131.json"}},{"package":{"name":"wavpack","ecosystem":"openEuler:20.03-LTS-SP1","purl":"pkg:rpm/openEuler/wavpack&distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.0-2.oe1"}]}],"ecosystem_specific":{"noarch":["wavpack-help-5.3.0-2.oe1.noarch.rpm"],"x86_64":["wavpack-debugsource-5.3.0-2.oe1.x86_64.rpm","wavpack-devel-5.3.0-2.oe1.x86_64.rpm","wavpack-5.3.0-2.oe1.x86_64.rpm","wavpack-debuginfo-5.3.0-2.oe1.x86_64.rpm"],"aarch64":["wavpack-devel-5.3.0-2.oe1.aarch64.rpm","wavpack-debugsource-5.3.0-2.oe1.aarch64.rpm","wavpack-debuginfo-5.3.0-2.oe1.aarch64.rpm","wavpack-5.3.0-2.oe1.aarch64.rpm"],"src":["wavpack-5.3.0-2.oe1.src.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2021-1131.json"}}],"schema_version":"1.7.3"}