Impact
When a specially crafted WavPack audio file is processed by the GStreamer WavPack decoder, an integer overflow occurs during the calculation of the buffer size (4 * block_samples * channels). This results in a heap buffer allocation that is far too small, allowing the decoder to write decoded audio samples beyond the bounds of the allocated memory. The flaw can be exploited by a remote attacker to crash an application or potentially execute arbitrary code on a target system. The vulnerability is caused by an out‑of‑bounds write in C, classified as CWE‑190.
Affected Systems
The affected systems are Red Hat Enterprise Linux operating systems. Red Hat has identified RHEL 7, RHEL 8, RHEL 9, and RHEL 10 as impacted versions, all of which ship the GStreamer 1 plugins‑good package containing the vulnerable WavPack decoder. The issue applies to both 32‑bit and 64‑bit architectures because the vulnerable arithmetic is performed with 32‑bit integers before promotion to the allocation size type.
Risk and Exploitability
The CVSS score of 7.6 indicates a high severity, while the EPSS score of less than 1 % shows a relatively low expected exploitation rate at this time. The vulnerability is not listed in the CISA KEV catalog, suggesting no widespread, actively exploited incidents have been reported yet. The likely attack vector involves a remote attacker delivering a malicious WavPack (.wv) file and encouraging a user to open it in a media application that uses GStreamer. If the user opens the file, the application could crash or, in a higher‑impact scenario, arbitrary code execution could be achieved.
OpenCVE Enrichment