Arch Linux Security Advisory ASA-202101-23 ========================================== Severity: Medium Date : 2021-01-12 CVE-ID : CVE-2020-35738 Package : wavpack Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-1387 Summary ======= The package wavpack before version 5.3.0-2 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 5.3.0-2. # pacman -Syu "wavpack>=5.3.0-2" The problem has been fixed upstream but no release is available yet. Workaround ========== None. Description =========== WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. Impact ====== A local user might execute arbitrary code through a crafted file. References ========== https://bugs.archlinux.org/task/69234 https://github.com/dbry/WavPack/issues/91 https://github.com/dbry/WavPack/files/5745022/crash.wav.tar.gz https://github.com/dbry/WavPack/commit/63f3ec70129843dd64e11aa4c21c4a1cf00c9f1c https://github.com/dbry/WavPack/commit/89df160596132e3bd666322e1c20b2ebd4b92cd0 https://security.archlinux.org/CVE-2020-35738