Candidate: CVE-2016-10171
PublicDate: 2017-03-14 14:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10171
 https://sourceforge.net/p/wavpack/mailman/message/35561939/
Description:
 The unreorder_channels function in cli/wvunpack.c in Wavpack before 5.1.0
 allows remote attackers to cause a denial of service (out-of-bounds read)
 via a crafted WV file.
Ubuntu-Description:
Notes:
 leosilva> code affected not present in trusty or xenial
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853076
Priority: low
Discovered-by: Hanno Böck
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]

Patches_wavpack:
 upstream: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc
upstream_wavpack: released (5.0.0-2,5.1.0)
precise_wavpack: ignored (reached end-of-life)
precise/esm_wavpack: DNE (precise was needed)
trusty_wavpack: not-affected
trusty/esm_wavpack: DNE (trusty was not-affected)
vivid/stable-phone-overlay_wavpack: ignored (reached end-of-life)
vivid/ubuntu-core_wavpack: DNE
xenial_wavpack: not-affected
esm-infra/xenial_wavpack: not-affected
yakkety_wavpack: ignored (reached end-of-life)
zesty_wavpack: not-affected (5.0.0-2)
artful_wavpack: not-affected (5.0.0-2)
devel_wavpack: not-affected (5.0.0-2)