---

CVE-2020-35738 - log back

CVE-2020-35738 edited at 30 Dec 2020 11:13:29
References	https://github.com/dbry/WavPack/issues/91 https://github.com/dbry/WavPack/files/5745022/crash.wav.tar.gz + https://github.com/dbry/WavPack/commit/63f3ec70129843dd64e11aa4c21c4a1cf00c9f1c + https://github.com/dbry/WavPack/commit/89df160596132e3bd666322e1c20b2ebd4b92cd0

CVE-2020-35738 edited at 28 Dec 2020 08:33:29
Severity	- Unknown + Medium
Remote	- Unknown + Local
Type	- Unknown + Arbitrary code execution
Description	+ WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument.
References	+ https://github.com/dbry/WavPack/issues/91 + https://github.com/dbry/WavPack/files/5745022/crash.wav.tar.gz
Notes

CVE-2020-35738 created at 28 Dec 2020 08:32:17