Out-of-Bounds Write Vulnerability in WavPack 5.3.0 and Later Versions

Out-of-Bounds Write Vulnerability in WavPack 5.3.0 and Later Versions

CVE-2020-35738 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" releases through 5.3.2, which are also affected.

Learn more about our Web Application Penetration Testing UK.