PublicDateAtUSN: 2017-03-14
Candidate: CVE-2016-10169
PublicDate: 2017-03-14 14:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10169
 https://sourceforge.net/p/wavpack/mailman/message/35557889/
 https://ubuntu.com/security/notices/USN-3568-1
Description:
 The read_code function in read_words.c in Wavpack before 5.1.0 allows
 remote attackers to cause a denial of service (out-of-bounds read) via a
 crafted WV file.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853076
Priority: low
Discovered-by: Hanno Böck
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]

Patches_wavpack:
 upstream: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc
upstream_wavpack: released (5.0.0-2,5.1.0)
precise_wavpack: ignored (reached end-of-life)
precise/esm_wavpack: DNE (precise was needed)
trusty_wavpack: released (4.70.0-1ubuntu0.1)
trusty/esm_wavpack: DNE (trusty was released [4.70.0-1ubuntu0.1])
vivid/stable-phone-overlay_wavpack: ignored (reached end-of-life)
vivid/ubuntu-core_wavpack: DNE
xenial_wavpack: released (4.75.2-2ubuntu0.1)
esm-infra/xenial_wavpack: released (4.75.2-2ubuntu0.1)
yakkety_wavpack: ignored (reached end-of-life)
zesty_wavpack: not-affected (5.0.0-2)
artful_wavpack: not-affected (5.0.0-2)
devel_wavpack: not-affected (5.0.0-2)