Vulnerability-Lookup

CVE-2020-35738 (GCVE-0-2020-35738)

Vulnerability from cvelistv5 – Published: 2020-12-28 03:54 – Updated: 2024-08-04 17:09

Summary

WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" releases through 5.3.2, which are also affected.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

OPENSUSE-SU-2021:0154-1

Vulnerability from csaf_opensuse - Published: 2021-01-24 17:22 - Updated: 2021-01-24 17:22

Summary

Security update for wavpack

Notes

Title of the patch

Security update for wavpack

Description of the patch

This update for wavpack fixes the following issues: - Update to version 5.4.0 * CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414) * fixed: disable A32 asm code when building for Apple silicon * fixed: issues with Adobe-style floating-point WAV files * added: --normalize-floats option to wvunpack for correctly exporting un-normalized floating-point files - Update to version 5.3.0 * fixed: OSS-Fuzz issues 19925, 19928, 20060, 20448 * fixed: trailing garbage characters on imported ID3v2 TXXX tags * fixed: various minor undefined behavior and memory access issues * fixed: sanitize tag extraction names for length and path inclusion * improved: reformat wvunpack 'help' and split into long + short versions * added: regression testing to Travis CI for OSS-Fuzz crashers - Updated to version 5.2.0 *fixed: potential security issues including the following CVEs: CVE-2018-19840, CVE-2018-19841, CVE-2018-10536 (bsc#1091344), CVE-2018-10537 (bsc#1091343) CVE-2018-10538 (bsc#1091342), CVE-2018-10539 (bsc#1091341), CVE-2018-10540 (bsc#1091340), CVE-2018-7254, CVE-2018-7253, CVE-2018-6767, CVE-2019-11498 and CVE-2019-1010319 * added: support for CMake, Travis CI, and Google's OSS-fuzz * fixed: use correction file for encode verify (pipe input, Windows) * fixed: correct WAV header with actual length (pipe input, -i option) * fixed: thumb interworking and not needing v6 architecture (ARM asm) * added: handle more ID3v2.3 tag items and from all file types * fixed: coredump on Sparc64 (changed MD5 implementation) * fixed: handle invalid ID3v2.3 tags from sacd-ripper * fixed: several corner-case memory leaks This update was imported from the SUSE:SLE-15:Update update project.

Patchnames

openSUSE-2021-154

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for wavpack",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for wavpack fixes the following issues:\n\n- Update to version 5.4.0\n  * CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414) \n  * fixed: disable A32 asm code when building for Apple silicon\n  * fixed: issues with Adobe-style floating-point WAV files\n  * added: --normalize-floats option to wvunpack for correctly\n             exporting un-normalized floating-point files\n- Update to version 5.3.0 \n  * fixed: OSS-Fuzz issues 19925, 19928, 20060, 20448\n  * fixed: trailing garbage characters on imported ID3v2 TXXX tags\n  * fixed: various minor undefined behavior and memory access issues\n  * fixed: sanitize tag extraction names for length and path inclusion\n  * improved: reformat wvunpack \u0027help\u0027 and split into long + short versions\n  * added: regression testing to Travis CI for OSS-Fuzz crashers\n- Updated to version 5.2.0 \n  *fixed: potential security issues including the following CVEs:\n         CVE-2018-19840, CVE-2018-19841, CVE-2018-10536 (bsc#1091344),\n         CVE-2018-10537 (bsc#1091343) CVE-2018-10538 (bsc#1091342),  \n         CVE-2018-10539 (bsc#1091341), CVE-2018-10540 (bsc#1091340), \n         CVE-2018-7254,  CVE-2018-7253, CVE-2018-6767, CVE-2019-11498 \n         and CVE-2019-1010319\n  * added: support for CMake, Travis CI, and Google\u0027s OSS-fuzz\n  * fixed: use correction file for encode verify (pipe input, Windows)\n  * fixed: correct WAV header with actual length (pipe input, -i option)\n  * fixed: thumb interworking and not needing v6 architecture (ARM asm)\n  * added: handle more ID3v2.3 tag items and from all file types\n  * fixed: coredump on Sparc64 (changed MD5 implementation)\n  * fixed: handle invalid ID3v2.3 tags from sacd-ripper\n  * fixed: several corner-case memory leaks\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2021-154",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0154-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2021:0154-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FD5IPNZ6LGJLORJOQVT3MAHBWF3ORQPT/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2021:0154-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FD5IPNZ6LGJLORJOQVT3MAHBWF3ORQPT/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1091340",
        "url": "https://bugzilla.suse.com/1091340"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1091341",
        "url": "https://bugzilla.suse.com/1091341"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1091342",
        "url": "https://bugzilla.suse.com/1091342"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1091343",
        "url": "https://bugzilla.suse.com/1091343"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1091344",
        "url": "https://bugzilla.suse.com/1091344"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1180414",
        "url": "https://bugzilla.suse.com/1180414"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-10536 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-10536/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-10537 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-10537/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-10538 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-10538/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-10539 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-10539/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-10540 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-10540/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-19840 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-19840/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-19841 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-19841/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-6767 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-6767/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-7253 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-7253/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-7254 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-7254/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-1010319 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-1010319/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-11498 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-11498/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-35738 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-35738/"
      }
    ],
    "title": "Security update for wavpack",
    "tracking": {
      "current_release_date": "2021-01-24T17:22:08Z",
      "generator": {
        "date": "2021-01-24T17:22:08Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2021:0154-1",
      "initial_release_date": "2021-01-24T17:22:08Z",
      "revision_history": [
        {
          "date": "2021-01-24T17:22:08Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libwavpack1-5.4.0-lp151.5.6.1.i586",
                "product": {
                  "name": "libwavpack1-5.4.0-lp151.5.6.1.i586",
                  "product_id": "libwavpack1-5.4.0-lp151.5.6.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-5.4.0-lp151.5.6.1.i586",
                "product": {
                  "name": "wavpack-5.4.0-lp151.5.6.1.i586",
                  "product_id": "wavpack-5.4.0-lp151.5.6.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-devel-5.4.0-lp151.5.6.1.i586",
                "product": {
                  "name": "wavpack-devel-5.4.0-lp151.5.6.1.i586",
                  "product_id": "wavpack-devel-5.4.0-lp151.5.6.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libwavpack1-5.4.0-lp151.5.6.1.x86_64",
                "product": {
                  "name": "libwavpack1-5.4.0-lp151.5.6.1.x86_64",
                  "product_id": "libwavpack1-5.4.0-lp151.5.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
                "product": {
                  "name": "libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
                  "product_id": "libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-5.4.0-lp151.5.6.1.x86_64",
                "product": {
                  "name": "wavpack-5.4.0-lp151.5.6.1.x86_64",
                  "product_id": "wavpack-5.4.0-lp151.5.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-devel-5.4.0-lp151.5.6.1.x86_64",
                "product": {
                  "name": "wavpack-devel-5.4.0-lp151.5.6.1.x86_64",
                  "product_id": "wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.1",
                "product": {
                  "name": "openSUSE Leap 15.1",
                  "product_id": "openSUSE Leap 15.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-lp151.5.6.1.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586"
        },
        "product_reference": "libwavpack1-5.4.0-lp151.5.6.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-lp151.5.6.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64"
        },
        "product_reference": "libwavpack1-5.4.0-lp151.5.6.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64"
        },
        "product_reference": "libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-5.4.0-lp151.5.6.1.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586"
        },
        "product_reference": "wavpack-5.4.0-lp151.5.6.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-5.4.0-lp151.5.6.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64"
        },
        "product_reference": "wavpack-5.4.0-lp151.5.6.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-5.4.0-lp151.5.6.1.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586"
        },
        "product_reference": "wavpack-devel-5.4.0-lp151.5.6.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-5.4.0-lp151.5.6.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
        },
        "product_reference": "wavpack-devel-5.4.0-lp151.5.6.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-10536",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-10536"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-10536",
          "url": "https://www.suse.com/security/cve/CVE-2018-10536"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1091344 for CVE-2018-10536",
          "url": "https://bugzilla.suse.com/1091344"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-24T17:22:08Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-10536"
    },
    {
      "cve": "CVE-2018-10537",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-10537"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-10537",
          "url": "https://www.suse.com/security/cve/CVE-2018-10537"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1091343 for CVE-2018-10537",
          "url": "https://bugzilla.suse.com/1091343"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-24T17:22:08Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-10537"
    },
    {
      "cve": "CVE-2018-10538",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-10538"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-10538",
          "url": "https://www.suse.com/security/cve/CVE-2018-10538"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1091342 for CVE-2018-10538",
          "url": "https://bugzilla.suse.com/1091342"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-24T17:22:08Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-10538"
    },
    {
      "cve": "CVE-2018-10539",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-10539"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-10539",
          "url": "https://www.suse.com/security/cve/CVE-2018-10539"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1091341 for CVE-2018-10539",
          "url": "https://bugzilla.suse.com/1091341"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-24T17:22:08Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-10539"
    },
    {
      "cve": "CVE-2018-10540",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-10540"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-10540",
          "url": "https://www.suse.com/security/cve/CVE-2018-10540"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1091340 for CVE-2018-10540",
          "url": "https://bugzilla.suse.com/1091340"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-24T17:22:08Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-10540"
    },
    {
      "cve": "CVE-2018-19840",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-19840"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-19840",
          "url": "https://www.suse.com/security/cve/CVE-2018-19840"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1120930 for CVE-2018-19840",
          "url": "https://bugzilla.suse.com/1120930"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-24T17:22:08Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-19840"
    },
    {
      "cve": "CVE-2018-19841",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-19841"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-19841",
          "url": "https://www.suse.com/security/cve/CVE-2018-19841"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1120929 for CVE-2018-19841",
          "url": "https://bugzilla.suse.com/1120929"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-24T17:22:08Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-19841"
    },
    {
      "cve": "CVE-2018-6767",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-6767"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-6767",
          "url": "https://www.suse.com/security/cve/CVE-2018-6767"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1079746 for CVE-2018-6767",
          "url": "https://bugzilla.suse.com/1079746"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-24T17:22:08Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-6767"
    },
    {
      "cve": "CVE-2018-7253",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-7253"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-7253",
          "url": "https://www.suse.com/security/cve/CVE-2018-7253"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1081692 for CVE-2018-7253",
          "url": "https://bugzilla.suse.com/1081692"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-24T17:22:08Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-7253"
    },
    {
      "cve": "CVE-2018-7254",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-7254"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-7254",
          "url": "https://www.suse.com/security/cve/CVE-2018-7254"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1081693 for CVE-2018-7254",
          "url": "https://bugzilla.suse.com/1081693"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-24T17:22:08Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-7254"
    },
    {
      "cve": "CVE-2019-1010319",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-1010319"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-1010319",
          "url": "https://www.suse.com/security/cve/CVE-2019-1010319"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141334 for CVE-2019-1010319",
          "url": "https://bugzilla.suse.com/1141334"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-24T17:22:08Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-1010319"
    },
    {
      "cve": "CVE-2019-11498",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-11498"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a \"Conditional jump or move depends on uninitialised value\" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-11498",
          "url": "https://www.suse.com/security/cve/CVE-2019-11498"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1133384 for CVE-2019-11498",
          "url": "https://bugzilla.suse.com/1133384"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-24T17:22:08Z",
          "details": "low"
        }
      ],
      "title": "CVE-2019-11498"
    },
    {
      "cve": "CVE-2020-35738",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-35738"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later \"unofficial\" releases through 5.3.2, which are also affected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
          "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
          "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-35738",
          "url": "https://www.suse.com/security/cve/CVE-2020-35738"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1180414 for CVE-2020-35738",
          "url": "https://bugzilla.suse.com/1180414"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:libwavpack1-32bit-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:libwavpack1-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-5.4.0-lp151.5.6.1.x86_64",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.i586",
            "openSUSE Leap 15.1:wavpack-devel-5.4.0-lp151.5.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-24T17:22:08Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-35738"
    }
  ]
}

OPENSUSE-SU-2021:0153-1

Vulnerability from csaf_opensuse - Published: 2021-01-24 17:22 - Updated: 2021-01-24 17:22

Summary

Security update for wavpack

Notes

Title of the patch

Security update for wavpack

Description of the patch

Patchnames

openSUSE-2021-153

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for wavpack",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for wavpack fixes the following issues:\n\n- Update to version 5.4.0\n  * CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414) \n  * fixed: disable A32 asm code when building for Apple silicon\n  * fixed: issues with Adobe-style floating-point WAV files\n  * added: --normalize-floats option to wvunpack for correctly\n             exporting un-normalized floating-point files\n- Update to version 5.3.0 \n  * fixed: OSS-Fuzz issues 19925, 19928, 20060, 20448\n  * fixed: trailing garbage characters on imported ID3v2 TXXX tags\n  * fixed: various minor undefined behavior and memory access issues\n  * fixed: sanitize tag extraction names for length and path inclusion\n  * improved: reformat wvunpack \u0027help\u0027 and split into long + short versions\n  * added: regression testing to Travis CI for OSS-Fuzz crashers\n- Updated to version 5.2.0 \n  *fixed: potential security issues including the following CVEs:\n         CVE-2018-19840, CVE-2018-19841, CVE-2018-10536 (bsc#1091344),\n         CVE-2018-10537 (bsc#1091343) CVE-2018-10538 (bsc#1091342),  \n         CVE-2018-10539 (bsc#1091341), CVE-2018-10540 (bsc#1091340), \n         CVE-2018-7254,  CVE-2018-7253, CVE-2018-6767, CVE-2019-11498 \n         and CVE-2019-1010319\n  * added: support for CMake, Travis CI, and Google\u0027s OSS-fuzz\n  * fixed: use correction file for encode verify (pipe input, Windows)\n  * fixed: correct WAV header with actual length (pipe input, -i option)\n  * fixed: thumb interworking and not needing v6 architecture (ARM asm)\n  * added: handle more ID3v2.3 tag items and from all file types\n  * fixed: coredump on Sparc64 (changed MD5 implementation)\n  * fixed: handle invalid ID3v2.3 tags from sacd-ripper\n  * fixed: several corner-case memory leaks\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2021-153",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0153-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2021:0153-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EK4DH6BBB2WPBM677O7MFUOO5UBKUW37/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2021:0153-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EK4DH6BBB2WPBM677O7MFUOO5UBKUW37/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1091340",
        "url": "https://bugzilla.suse.com/1091340"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1091341",
        "url": "https://bugzilla.suse.com/1091341"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1091342",
        "url": "https://bugzilla.suse.com/1091342"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1091343",
        "url": "https://bugzilla.suse.com/1091343"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1091344",
        "url": "https://bugzilla.suse.com/1091344"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1180414",
        "url": "https://bugzilla.suse.com/1180414"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-10536 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-10536/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-10537 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-10537/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-10538 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-10538/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-10539 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-10539/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-10540 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-10540/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-19840 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-19840/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-19841 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-19841/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-6767 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-6767/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-7253 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-7253/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-7254 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-7254/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-1010319 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-1010319/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-11498 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-11498/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-35738 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-35738/"
      }
    ],
    "title": "Security update for wavpack",
    "tracking": {
      "current_release_date": "2021-01-24T17:22:03Z",
      "generator": {
        "date": "2021-01-24T17:22:03Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2021:0153-1",
      "initial_release_date": "2021-01-24T17:22:03Z",
      "revision_history": [
        {
          "date": "2021-01-24T17:22:03Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libwavpack1-5.4.0-lp152.7.3.1.i586",
                "product": {
                  "name": "libwavpack1-5.4.0-lp152.7.3.1.i586",
                  "product_id": "libwavpack1-5.4.0-lp152.7.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-5.4.0-lp152.7.3.1.i586",
                "product": {
                  "name": "wavpack-5.4.0-lp152.7.3.1.i586",
                  "product_id": "wavpack-5.4.0-lp152.7.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-devel-5.4.0-lp152.7.3.1.i586",
                "product": {
                  "name": "wavpack-devel-5.4.0-lp152.7.3.1.i586",
                  "product_id": "wavpack-devel-5.4.0-lp152.7.3.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libwavpack1-5.4.0-lp152.7.3.1.x86_64",
                "product": {
                  "name": "libwavpack1-5.4.0-lp152.7.3.1.x86_64",
                  "product_id": "libwavpack1-5.4.0-lp152.7.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
                "product": {
                  "name": "libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
                  "product_id": "libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-5.4.0-lp152.7.3.1.x86_64",
                "product": {
                  "name": "wavpack-5.4.0-lp152.7.3.1.x86_64",
                  "product_id": "wavpack-5.4.0-lp152.7.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-devel-5.4.0-lp152.7.3.1.x86_64",
                "product": {
                  "name": "wavpack-devel-5.4.0-lp152.7.3.1.x86_64",
                  "product_id": "wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.2",
                "product": {
                  "name": "openSUSE Leap 15.2",
                  "product_id": "openSUSE Leap 15.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-lp152.7.3.1.i586 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586"
        },
        "product_reference": "libwavpack1-5.4.0-lp152.7.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64"
        },
        "product_reference": "libwavpack1-5.4.0-lp152.7.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64"
        },
        "product_reference": "libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-5.4.0-lp152.7.3.1.i586 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586"
        },
        "product_reference": "wavpack-5.4.0-lp152.7.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-5.4.0-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64"
        },
        "product_reference": "wavpack-5.4.0-lp152.7.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-5.4.0-lp152.7.3.1.i586 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586"
        },
        "product_reference": "wavpack-devel-5.4.0-lp152.7.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-5.4.0-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
        },
        "product_reference": "wavpack-devel-5.4.0-lp152.7.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-10536",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-10536"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-10536",
          "url": "https://www.suse.com/security/cve/CVE-2018-10536"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1091344 for CVE-2018-10536",
          "url": "https://bugzilla.suse.com/1091344"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-24T17:22:03Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-10536"
    },
    {
      "cve": "CVE-2018-10537",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-10537"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-10537",
          "url": "https://www.suse.com/security/cve/CVE-2018-10537"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1091343 for CVE-2018-10537",
          "url": "https://bugzilla.suse.com/1091343"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-24T17:22:03Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-10537"
    },
    {
      "cve": "CVE-2018-10538",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-10538"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-10538",
          "url": "https://www.suse.com/security/cve/CVE-2018-10538"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1091342 for CVE-2018-10538",
          "url": "https://bugzilla.suse.com/1091342"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-24T17:22:03Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-10538"
    },
    {
      "cve": "CVE-2018-10539",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-10539"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-10539",
          "url": "https://www.suse.com/security/cve/CVE-2018-10539"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1091341 for CVE-2018-10539",
          "url": "https://bugzilla.suse.com/1091341"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-24T17:22:03Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-10539"
    },
    {
      "cve": "CVE-2018-10540",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-10540"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-10540",
          "url": "https://www.suse.com/security/cve/CVE-2018-10540"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1091340 for CVE-2018-10540",
          "url": "https://bugzilla.suse.com/1091340"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-24T17:22:03Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-10540"
    },
    {
      "cve": "CVE-2018-19840",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-19840"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-19840",
          "url": "https://www.suse.com/security/cve/CVE-2018-19840"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1120930 for CVE-2018-19840",
          "url": "https://bugzilla.suse.com/1120930"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-24T17:22:03Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-19840"
    },
    {
      "cve": "CVE-2018-19841",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-19841"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-19841",
          "url": "https://www.suse.com/security/cve/CVE-2018-19841"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1120929 for CVE-2018-19841",
          "url": "https://bugzilla.suse.com/1120929"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-24T17:22:03Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-19841"
    },
    {
      "cve": "CVE-2018-6767",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-6767"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-6767",
          "url": "https://www.suse.com/security/cve/CVE-2018-6767"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1079746 for CVE-2018-6767",
          "url": "https://bugzilla.suse.com/1079746"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-24T17:22:03Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-6767"
    },
    {
      "cve": "CVE-2018-7253",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-7253"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-7253",
          "url": "https://www.suse.com/security/cve/CVE-2018-7253"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1081692 for CVE-2018-7253",
          "url": "https://bugzilla.suse.com/1081692"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-24T17:22:03Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-7253"
    },
    {
      "cve": "CVE-2018-7254",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-7254"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-7254",
          "url": "https://www.suse.com/security/cve/CVE-2018-7254"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1081693 for CVE-2018-7254",
          "url": "https://bugzilla.suse.com/1081693"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-24T17:22:03Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-7254"
    },
    {
      "cve": "CVE-2019-1010319",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-1010319"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-1010319",
          "url": "https://www.suse.com/security/cve/CVE-2019-1010319"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141334 for CVE-2019-1010319",
          "url": "https://bugzilla.suse.com/1141334"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-24T17:22:03Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-1010319"
    },
    {
      "cve": "CVE-2019-11498",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-11498"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a \"Conditional jump or move depends on uninitialised value\" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-11498",
          "url": "https://www.suse.com/security/cve/CVE-2019-11498"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1133384 for CVE-2019-11498",
          "url": "https://bugzilla.suse.com/1133384"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-24T17:22:03Z",
          "details": "low"
        }
      ],
      "title": "CVE-2019-11498"
    },
    {
      "cve": "CVE-2020-35738",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-35738"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later \"unofficial\" releases through 5.3.2, which are also affected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
          "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
          "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-35738",
          "url": "https://www.suse.com/security/cve/CVE-2020-35738"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1180414 for CVE-2020-35738",
          "url": "https://bugzilla.suse.com/1180414"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:libwavpack1-32bit-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:libwavpack1-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-5.4.0-lp152.7.3.1.x86_64",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.i586",
            "openSUSE Leap 15.2:wavpack-devel-5.4.0-lp152.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-24T17:22:03Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-35738"
    }
  ]
}

OPENSUSE-SU-2024:11505-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

libwavpack1-32bit-5.4.0-1.6 on GA media

Notes

Title of the patch

libwavpack1-32bit-5.4.0-1.6 on GA media

Description of the patch

These are all security issues fixed in the libwavpack1-32bit-5.4.0-1.6 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-11505

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "libwavpack1-32bit-5.4.0-1.6 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the libwavpack1-32bit-5.4.0-1.6 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-11505",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11505-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-19840 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-19840/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-19841 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-19841/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-6767 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-6767/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-7253 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-7253/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-7254 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-7254/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-1010315 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-1010315/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-1010317 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-1010317/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-1010318 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-1010318/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-1010319 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-1010319/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-11498 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-11498/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-35738 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-35738/"
      }
    ],
    "title": "libwavpack1-32bit-5.4.0-1.6 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:11505-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libwavpack1-5.4.0-1.6.aarch64",
                "product": {
                  "name": "libwavpack1-5.4.0-1.6.aarch64",
                  "product_id": "libwavpack1-5.4.0-1.6.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libwavpack1-32bit-5.4.0-1.6.aarch64",
                "product": {
                  "name": "libwavpack1-32bit-5.4.0-1.6.aarch64",
                  "product_id": "libwavpack1-32bit-5.4.0-1.6.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-5.4.0-1.6.aarch64",
                "product": {
                  "name": "wavpack-5.4.0-1.6.aarch64",
                  "product_id": "wavpack-5.4.0-1.6.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-devel-5.4.0-1.6.aarch64",
                "product": {
                  "name": "wavpack-devel-5.4.0-1.6.aarch64",
                  "product_id": "wavpack-devel-5.4.0-1.6.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libwavpack1-5.4.0-1.6.ppc64le",
                "product": {
                  "name": "libwavpack1-5.4.0-1.6.ppc64le",
                  "product_id": "libwavpack1-5.4.0-1.6.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libwavpack1-32bit-5.4.0-1.6.ppc64le",
                "product": {
                  "name": "libwavpack1-32bit-5.4.0-1.6.ppc64le",
                  "product_id": "libwavpack1-32bit-5.4.0-1.6.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-5.4.0-1.6.ppc64le",
                "product": {
                  "name": "wavpack-5.4.0-1.6.ppc64le",
                  "product_id": "wavpack-5.4.0-1.6.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-devel-5.4.0-1.6.ppc64le",
                "product": {
                  "name": "wavpack-devel-5.4.0-1.6.ppc64le",
                  "product_id": "wavpack-devel-5.4.0-1.6.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libwavpack1-5.4.0-1.6.s390x",
                "product": {
                  "name": "libwavpack1-5.4.0-1.6.s390x",
                  "product_id": "libwavpack1-5.4.0-1.6.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libwavpack1-32bit-5.4.0-1.6.s390x",
                "product": {
                  "name": "libwavpack1-32bit-5.4.0-1.6.s390x",
                  "product_id": "libwavpack1-32bit-5.4.0-1.6.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-5.4.0-1.6.s390x",
                "product": {
                  "name": "wavpack-5.4.0-1.6.s390x",
                  "product_id": "wavpack-5.4.0-1.6.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-devel-5.4.0-1.6.s390x",
                "product": {
                  "name": "wavpack-devel-5.4.0-1.6.s390x",
                  "product_id": "wavpack-devel-5.4.0-1.6.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libwavpack1-5.4.0-1.6.x86_64",
                "product": {
                  "name": "libwavpack1-5.4.0-1.6.x86_64",
                  "product_id": "libwavpack1-5.4.0-1.6.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libwavpack1-32bit-5.4.0-1.6.x86_64",
                "product": {
                  "name": "libwavpack1-32bit-5.4.0-1.6.x86_64",
                  "product_id": "libwavpack1-32bit-5.4.0-1.6.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-5.4.0-1.6.x86_64",
                "product": {
                  "name": "wavpack-5.4.0-1.6.x86_64",
                  "product_id": "wavpack-5.4.0-1.6.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-devel-5.4.0-1.6.x86_64",
                "product": {
                  "name": "wavpack-devel-5.4.0-1.6.x86_64",
                  "product_id": "wavpack-devel-5.4.0-1.6.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-1.6.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64"
        },
        "product_reference": "libwavpack1-5.4.0-1.6.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-1.6.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le"
        },
        "product_reference": "libwavpack1-5.4.0-1.6.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-1.6.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x"
        },
        "product_reference": "libwavpack1-5.4.0-1.6.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-1.6.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64"
        },
        "product_reference": "libwavpack1-5.4.0-1.6.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-32bit-5.4.0-1.6.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64"
        },
        "product_reference": "libwavpack1-32bit-5.4.0-1.6.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-32bit-5.4.0-1.6.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le"
        },
        "product_reference": "libwavpack1-32bit-5.4.0-1.6.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-32bit-5.4.0-1.6.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x"
        },
        "product_reference": "libwavpack1-32bit-5.4.0-1.6.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-32bit-5.4.0-1.6.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64"
        },
        "product_reference": "libwavpack1-32bit-5.4.0-1.6.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-5.4.0-1.6.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64"
        },
        "product_reference": "wavpack-5.4.0-1.6.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-5.4.0-1.6.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le"
        },
        "product_reference": "wavpack-5.4.0-1.6.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-5.4.0-1.6.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x"
        },
        "product_reference": "wavpack-5.4.0-1.6.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-5.4.0-1.6.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64"
        },
        "product_reference": "wavpack-5.4.0-1.6.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-5.4.0-1.6.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64"
        },
        "product_reference": "wavpack-devel-5.4.0-1.6.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-5.4.0-1.6.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le"
        },
        "product_reference": "wavpack-devel-5.4.0-1.6.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-5.4.0-1.6.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x"
        },
        "product_reference": "wavpack-devel-5.4.0-1.6.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-5.4.0-1.6.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
        },
        "product_reference": "wavpack-devel-5.4.0-1.6.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-19840",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-19840"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-19840",
          "url": "https://www.suse.com/security/cve/CVE-2018-19840"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1120930 for CVE-2018-19840",
          "url": "https://bugzilla.suse.com/1120930"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-19840"
    },
    {
      "cve": "CVE-2018-19841",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-19841"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-19841",
          "url": "https://www.suse.com/security/cve/CVE-2018-19841"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1120929 for CVE-2018-19841",
          "url": "https://bugzilla.suse.com/1120929"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-19841"
    },
    {
      "cve": "CVE-2018-6767",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-6767"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-6767",
          "url": "https://www.suse.com/security/cve/CVE-2018-6767"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1079746 for CVE-2018-6767",
          "url": "https://bugzilla.suse.com/1079746"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-6767"
    },
    {
      "cve": "CVE-2018-7253",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-7253"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-7253",
          "url": "https://www.suse.com/security/cve/CVE-2018-7253"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1081692 for CVE-2018-7253",
          "url": "https://bugzilla.suse.com/1081692"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-7253"
    },
    {
      "cve": "CVE-2018-7254",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-7254"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-7254",
          "url": "https://www.suse.com/security/cve/CVE-2018-7254"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1081693 for CVE-2018-7254",
          "url": "https://bugzilla.suse.com/1081693"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-7254"
    },
    {
      "cve": "CVE-2019-1010315",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-1010315"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig (dsdiff.c:282). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-1010315",
          "url": "https://www.suse.com/security/cve/CVE-2019-1010315"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141337 for CVE-2019-1010315",
          "url": "https://bugzilla.suse.com/1141337"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-1010315"
    },
    {
      "cve": "CVE-2019-1010317",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-1010317"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-1010317",
          "url": "https://www.suse.com/security/cve/CVE-2019-1010317"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141339 for CVE-2019-1010317",
          "url": "https://bugzilla.suse.com/1141339"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-1010317"
    },
    {
      "cve": "CVE-2019-1010318",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-1010318"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-11498. Reason: This candidate is a reservation duplicate of CVE-2019-11498. Notes: All CVE users should reference CVE-2019-11498 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-1010318",
          "url": "https://www.suse.com/security/cve/CVE-2019-1010318"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141338 for CVE-2019-1010318",
          "url": "https://bugzilla.suse.com/1141338"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2019-1010318"
    },
    {
      "cve": "CVE-2019-1010319",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-1010319"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-1010319",
          "url": "https://www.suse.com/security/cve/CVE-2019-1010319"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141334 for CVE-2019-1010319",
          "url": "https://bugzilla.suse.com/1141334"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-1010319"
    },
    {
      "cve": "CVE-2019-11498",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-11498"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a \"Conditional jump or move depends on uninitialised value\" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-11498",
          "url": "https://www.suse.com/security/cve/CVE-2019-11498"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1133384 for CVE-2019-11498",
          "url": "https://bugzilla.suse.com/1133384"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2019-11498"
    },
    {
      "cve": "CVE-2020-35738",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-35738"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later \"unofficial\" releases through 5.3.2, which are also affected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
          "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-35738",
          "url": "https://www.suse.com/security/cve/CVE-2020-35738"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1180414 for CVE-2020-35738",
          "url": "https://bugzilla.suse.com/1180414"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-32bit-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:libwavpack1-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-5.4.0-1.6.x86_64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.aarch64",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.ppc64le",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.s390x",
            "openSUSE Tumbleweed:wavpack-devel-5.4.0-1.6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-35738"
    }
  ]
}

CVE-2020-35738

Vulnerability from fstec - Published: 27.12.2020

Title

Уязвимость функции WavpackPackSamples компонента pack_utils.c аудиокодека WavPack, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании

Description

Уязвимость функции WavpackPackSamples компонента pack_utils.c аудиокодека WavPack связана с выходом операции за допустимые границы буфера данных. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, нарушить целостность данных, а также вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

Vendor

Сообщество свободного программного обеспечения, Canonical Ltd., ООО «РусБИТех-Астра», Red Hat Inc., Novell Inc., Fedora Project, David Bryant, АО "НППКТ", АО «НТЦ ИТ РОСА», АО «Концерн ВНИИНС»

Software Name

Debian GNU/Linux, Ubuntu, Astra Linux Special Edition (запись в едином реестре российских программ №369), Astra Linux Common Edition (запись в едином реестре российских программ №4433), Red Hat Enterprise Linux, OpenSUSE Leap, Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), Fedora, WavPack, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), РОСА ХРОМ (запись в едином реестре российских программ №1607), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)

Software Version

9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 1.6 «Смоленск» (Astra Linux Special Edition), 2.12 «Орёл» (Astra Linux Common Edition), 8 (Red Hat Enterprise Linux), 15.1 (OpenSUSE Leap), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), 32 (Fedora), 20.04 LTS (Ubuntu), 20.10 (Ubuntu), 15.2 (OpenSUSE Leap), 33 (Fedora), 5.3.0 (WavPack), до 5.4.0 (WavPack), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), до 2.5 (ОСОН ОСнова Оnyx), 12.4 (РОСА ХРОМ), до 16.01.2023 (ОС ОН «Стрелец»)

Possible Mitigations

Использование рекомендаций: Для WavPack: https://github.com/dbry/WavPack/issues/91 Для Fedora: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2YZLKYE66EU4XRHTABV5LB2G7ZDZ422F/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PENN4ZXRPZULEJOYTTLUZMBZ5H46QTUC/ Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/cve-2020-35738 Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2020-35738/ Для Ubuntu: https://usn.ubuntu.com/usn/usn-4682-1 Для ОС Debian: использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2020-35738 Для ОС Astra Linux: использование рекомендаций производителя: https://wiki.astralinux.ru/pages/viewpage.action?pageId=47416144 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16 https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81 Для ОСОН Основа: Обновление программного обеспечения wavpack до версии 5.1.0-6+deb10u1osnova1 Для ОС ОН «Стрелец»: Обновление программного обеспечения wavpack до версии 5.0.0-2+deb9u3 Для ОС Astra Linux: обновить пакет wavpack до 5.1.0-6+deb10u1+ci202401091246+astra2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17 Для Astra Linux Special Edition 4.7 для архитектуры ARM: обновить пакет wavpack до 5.1.0-6+deb10u1+ci202401091246+astra2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47 Для операционной системы РОСА ХРОМ: https://abf.rosa.ru/advisories/ROSA-SA-2024-2540

Reference

https://access.redhat.com/security/cve/cve-2020-35738 https://github.com/dbry/WavPack/commit/63f3ec70129843dd64e11aa4c21c4a1cf00c9f1c https://github.com/dbry/WavPack/commit/89df160596132e3bd666322e1c20b2ebd4b92cd0 https://github.com/dbry/WavPack/issues/91 https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2YZLKYE66EU4XRHTABV5LB2G7ZDZ422F/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PENN4ZXRPZULEJOYTTLUZMBZ5H46QTUC/ https://nvd.nist.gov/vuln/detail/CVE-2020-35738 https://security-tracker.debian.org/tracker/CVE-2020-35738 https://usn.ubuntu.com/usn/usn-4682-1 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16 https://www.suse.com/security/cve/CVE-2020-35738/ https://wiki.astralinux.ru/pages/viewpage.action?pageId=47416144 https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.5/ https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47 https://abf.rosa.ru/advisories/ROSA-SA-2024-2540

CWE

CWE-787

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:N/I:P/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Canonical Ltd., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Red Hat Inc., Novell Inc., Fedora Project, David Bryant, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb (Astra Linux Common Edition), 8 (Red Hat Enterprise Linux), 15.1 (OpenSUSE Leap), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), 32 (Fedora), 20.04 LTS (Ubuntu), 20.10 (Ubuntu), 15.2 (OpenSUSE Leap), 33 (Fedora), 5.3.0 (WavPack), \u0434\u043e 5.4.0 (WavPack), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.5 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), 12.4 (\u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f WavPack:\nhttps://github.com/dbry/WavPack/issues/91\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2YZLKYE66EU4XRHTABV5LB2G7ZDZ422F/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PENN4ZXRPZULEJOYTTLUZMBZ5H46QTUC/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2020-35738\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2020-35738/\n\n\u0414\u043b\u044f Ubuntu:\nhttps://usn.ubuntu.com/usn/usn-4682-1\n\n\u0414\u043b\u044f \u041e\u0421 Debian:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2020-35738\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=47416144\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f wavpack \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 5.1.0-6+deb10u1osnova1\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f wavpack \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 5.0.0-2+deb9u3\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 wavpack \u0434\u043e 5.1.0-6+deb10u1+ci202401091246+astra2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 wavpack \u0434\u043e 5.1.0-6+deb10u1+ci202401091246+astra2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\n\n\u0414\u043b\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c: https://abf.rosa.ru/advisories/ROSA-SA-2024-2540",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "27.12.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "05.03.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "16.02.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-00777",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-35738",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Ubuntu, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Red Hat Enterprise Linux, OpenSUSE Leap, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Fedora, WavPack, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Red Hat Inc. Red Hat Enterprise Linux 8 , Novell Inc. OpenSUSE Leap 15.1 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Fedora Project Fedora 32 , Canonical Ltd. Ubuntu 20.04 LTS , Canonical Ltd. Ubuntu 20.10 , Novell Inc. OpenSUSE Leap 15.2 , Fedora Project Fedora 33 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c 12.4  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 WavpackPackSamples \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 pack_utils.c \u0430\u0443\u0434\u0438\u043e\u043a\u043e\u0434\u0435\u043a\u0430 WavPack, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u044b\u0435 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 WavpackPackSamples \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 pack_utils.c \u0430\u0443\u0434\u0438\u043e\u043a\u043e\u0434\u0435\u043a\u0430 WavPack \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u044b\u0435 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://access.redhat.com/security/cve/cve-2020-35738\nhttps://github.com/dbry/WavPack/commit/63f3ec70129843dd64e11aa4c21c4a1cf00c9f1c\nhttps://github.com/dbry/WavPack/commit/89df160596132e3bd666322e1c20b2ebd4b92cd0\nhttps://github.com/dbry/WavPack/issues/91\nhttps://lists.debian.org/debian-lts-announce/2021/01/msg00013.html\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2YZLKYE66EU4XRHTABV5LB2G7ZDZ422F/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PENN4ZXRPZULEJOYTTLUZMBZ5H46QTUC/\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-35738\nhttps://security-tracker.debian.org/tracker/CVE-2020-35738\nhttps://usn.ubuntu.com/usn/usn-4682-1\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16\nhttps://www.suse.com/security/cve/CVE-2020-35738/\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=47416144\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.5/\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\nhttps://abf.rosa.ru/advisories/ROSA-SA-2024-2540",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-787",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,1)"
}

GHSA-PWMW-JMR6-F7C4

Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2022-05-24 17:37

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-35738"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-28T04:15:00Z",
    "severity": "MODERATE"
  },
  "details": "WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later \"unofficial\" releases through 5.3.2, which are also affected.",
  "id": "GHSA-pwmw-jmr6-f7c4",
  "modified": "2022-05-24T17:37:28Z",
  "published": "2022-05-24T17:37:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35738"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dbry/WavPack/issues/91"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2YZLKYE66EU4XRHTABV5LB2G7ZDZ422F"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/76B7K6F74FDQATG7FECXR5KPIG52O2VL"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PENN4ZXRPZULEJOYTTLUZMBZ5H46QTUC"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDFY4NGGDUTLVID5PNVU7LL2G2ZJLZFY"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

SUSE-SU-2021:0929-1

Vulnerability from csaf_suse - Published: 2021-03-24 11:08 - Updated: 2021-03-24 11:08

Summary

Security update for wavpack

Notes

Title of the patch

Security update for wavpack

Description of the patch

This update for wavpack fixes the following issues: - CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414).

Patchnames

HPE-Helion-OpenStack-8-2021-929,SUSE-2021-929,SUSE-OpenStack-Cloud-7-2021-929,SUSE-OpenStack-Cloud-8-2021-929,SUSE-OpenStack-Cloud-9-2021-929,SUSE-OpenStack-Cloud-Crowbar-8-2021-929,SUSE-OpenStack-Cloud-Crowbar-9-2021-929,SUSE-SLE-SAP-12-SP2-2021-929,SUSE-SLE-SAP-12-SP3-2021-929,SUSE-SLE-SAP-12-SP4-2021-929,SUSE-SLE-SDK-12-SP5-2021-929,SUSE-SLE-SERVER-12-SP2-2021-929,SUSE-SLE-SERVER-12-SP2-BCL-2021-929,SUSE-SLE-SERVER-12-SP3-2021-929,SUSE-SLE-SERVER-12-SP3-BCL-2021-929,SUSE-SLE-SERVER-12-SP4-LTSS-2021-929,SUSE-SLE-SERVER-12-SP5-2021-929

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for wavpack",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for wavpack fixes the following issues:\n\t\n- CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414). \n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "HPE-Helion-OpenStack-8-2021-929,SUSE-2021-929,SUSE-OpenStack-Cloud-7-2021-929,SUSE-OpenStack-Cloud-8-2021-929,SUSE-OpenStack-Cloud-9-2021-929,SUSE-OpenStack-Cloud-Crowbar-8-2021-929,SUSE-OpenStack-Cloud-Crowbar-9-2021-929,SUSE-SLE-SAP-12-SP2-2021-929,SUSE-SLE-SAP-12-SP3-2021-929,SUSE-SLE-SAP-12-SP4-2021-929,SUSE-SLE-SDK-12-SP5-2021-929,SUSE-SLE-SERVER-12-SP2-2021-929,SUSE-SLE-SERVER-12-SP2-BCL-2021-929,SUSE-SLE-SERVER-12-SP3-2021-929,SUSE-SLE-SERVER-12-SP3-BCL-2021-929,SUSE-SLE-SERVER-12-SP4-LTSS-2021-929,SUSE-SLE-SERVER-12-SP5-2021-929",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_0929-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2021:0929-1",
        "url": "https://www.suse.com/support/update/announcement/2021/suse-su-20210929-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2021:0929-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008537.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1180414",
        "url": "https://bugzilla.suse.com/1180414"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-35738 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-35738/"
      }
    ],
    "title": "Security update for wavpack",
    "tracking": {
      "current_release_date": "2021-03-24T11:08:30Z",
      "generator": {
        "date": "2021-03-24T11:08:30Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2021:0929-1",
      "initial_release_date": "2021-03-24T11:08:30Z",
      "revision_history": [
        {
          "date": "2021-03-24T11:08:30Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libwavpack1-4.60.99-5.9.1.aarch64",
                "product": {
                  "name": "libwavpack1-4.60.99-5.9.1.aarch64",
                  "product_id": "libwavpack1-4.60.99-5.9.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-4.60.99-5.9.1.aarch64",
                "product": {
                  "name": "wavpack-4.60.99-5.9.1.aarch64",
                  "product_id": "wavpack-4.60.99-5.9.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-devel-4.60.99-5.9.1.aarch64",
                "product": {
                  "name": "wavpack-devel-4.60.99-5.9.1.aarch64",
                  "product_id": "wavpack-devel-4.60.99-5.9.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libwavpack1-64bit-4.60.99-5.9.1.aarch64_ilp32",
                "product": {
                  "name": "libwavpack1-64bit-4.60.99-5.9.1.aarch64_ilp32",
                  "product_id": "libwavpack1-64bit-4.60.99-5.9.1.aarch64_ilp32"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64_ilp32"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libwavpack1-4.60.99-5.9.1.i586",
                "product": {
                  "name": "libwavpack1-4.60.99-5.9.1.i586",
                  "product_id": "libwavpack1-4.60.99-5.9.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-4.60.99-5.9.1.i586",
                "product": {
                  "name": "wavpack-4.60.99-5.9.1.i586",
                  "product_id": "wavpack-4.60.99-5.9.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-devel-4.60.99-5.9.1.i586",
                "product": {
                  "name": "wavpack-devel-4.60.99-5.9.1.i586",
                  "product_id": "wavpack-devel-4.60.99-5.9.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libwavpack1-4.60.99-5.9.1.ppc64le",
                "product": {
                  "name": "libwavpack1-4.60.99-5.9.1.ppc64le",
                  "product_id": "libwavpack1-4.60.99-5.9.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-4.60.99-5.9.1.ppc64le",
                "product": {
                  "name": "wavpack-4.60.99-5.9.1.ppc64le",
                  "product_id": "wavpack-4.60.99-5.9.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-devel-4.60.99-5.9.1.ppc64le",
                "product": {
                  "name": "wavpack-devel-4.60.99-5.9.1.ppc64le",
                  "product_id": "wavpack-devel-4.60.99-5.9.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libwavpack1-4.60.99-5.9.1.s390",
                "product": {
                  "name": "libwavpack1-4.60.99-5.9.1.s390",
                  "product_id": "libwavpack1-4.60.99-5.9.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-4.60.99-5.9.1.s390",
                "product": {
                  "name": "wavpack-4.60.99-5.9.1.s390",
                  "product_id": "wavpack-4.60.99-5.9.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-devel-4.60.99-5.9.1.s390",
                "product": {
                  "name": "wavpack-devel-4.60.99-5.9.1.s390",
                  "product_id": "wavpack-devel-4.60.99-5.9.1.s390"
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libwavpack1-4.60.99-5.9.1.s390x",
                "product": {
                  "name": "libwavpack1-4.60.99-5.9.1.s390x",
                  "product_id": "libwavpack1-4.60.99-5.9.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libwavpack1-32bit-4.60.99-5.9.1.s390x",
                "product": {
                  "name": "libwavpack1-32bit-4.60.99-5.9.1.s390x",
                  "product_id": "libwavpack1-32bit-4.60.99-5.9.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-4.60.99-5.9.1.s390x",
                "product": {
                  "name": "wavpack-4.60.99-5.9.1.s390x",
                  "product_id": "wavpack-4.60.99-5.9.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-devel-4.60.99-5.9.1.s390x",
                "product": {
                  "name": "wavpack-devel-4.60.99-5.9.1.s390x",
                  "product_id": "wavpack-devel-4.60.99-5.9.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libwavpack1-4.60.99-5.9.1.x86_64",
                "product": {
                  "name": "libwavpack1-4.60.99-5.9.1.x86_64",
                  "product_id": "libwavpack1-4.60.99-5.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libwavpack1-32bit-4.60.99-5.9.1.x86_64",
                "product": {
                  "name": "libwavpack1-32bit-4.60.99-5.9.1.x86_64",
                  "product_id": "libwavpack1-32bit-4.60.99-5.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-4.60.99-5.9.1.x86_64",
                "product": {
                  "name": "wavpack-4.60.99-5.9.1.x86_64",
                  "product_id": "wavpack-4.60.99-5.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-devel-4.60.99-5.9.1.x86_64",
                "product": {
                  "name": "wavpack-devel-4.60.99-5.9.1.x86_64",
                  "product_id": "wavpack-devel-4.60.99-5.9.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "HPE Helion OpenStack 8",
                "product": {
                  "name": "HPE Helion OpenStack 8",
                  "product_id": "HPE Helion OpenStack 8",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:hpe-helion-openstack:8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud 7",
                "product": {
                  "name": "SUSE OpenStack Cloud 7",
                  "product_id": "SUSE OpenStack Cloud 7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud:7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud 8",
                "product": {
                  "name": "SUSE OpenStack Cloud 8",
                  "product_id": "SUSE OpenStack Cloud 8",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud:8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud 9",
                "product": {
                  "name": "SUSE OpenStack Cloud 9",
                  "product_id": "SUSE OpenStack Cloud 9",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud:9"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud Crowbar 8",
                "product": {
                  "name": "SUSE OpenStack Cloud Crowbar 8",
                  "product_id": "SUSE OpenStack Cloud Crowbar 8",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud Crowbar 9",
                "product": {
                  "name": "SUSE OpenStack Cloud Crowbar 9",
                  "product_id": "SUSE OpenStack Cloud Crowbar 9",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:9"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
                  "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-sdk:12:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP2-BCL",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP2-BCL",
                  "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-bcl:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP3-BCL",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP3-BCL",
                  "product_id": "SUSE Linux Enterprise Server 12 SP3-BCL",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-bcl:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.x86_64 as component of HPE Helion OpenStack 8",
          "product_id": "HPE Helion OpenStack 8:libwavpack1-4.60.99-5.9.1.x86_64"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.x86_64",
        "relates_to_product_reference": "HPE Helion OpenStack 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.s390x as component of SUSE OpenStack Cloud 7",
          "product_id": "SUSE OpenStack Cloud 7:libwavpack1-4.60.99-5.9.1.s390x"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.s390x",
        "relates_to_product_reference": "SUSE OpenStack Cloud 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.x86_64 as component of SUSE OpenStack Cloud 7",
          "product_id": "SUSE OpenStack Cloud 7:libwavpack1-4.60.99-5.9.1.x86_64"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.x86_64 as component of SUSE OpenStack Cloud 8",
          "product_id": "SUSE OpenStack Cloud 8:libwavpack1-4.60.99-5.9.1.x86_64"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.x86_64 as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:libwavpack1-4.60.99-5.9.1.x86_64"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
          "product_id": "SUSE OpenStack Cloud Crowbar 8:libwavpack1-4.60.99-5.9.1.x86_64"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:libwavpack1-4.60.99-5.9.1.x86_64"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libwavpack1-4.60.99-5.9.1.ppc64le"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libwavpack1-4.60.99-5.9.1.x86_64"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwavpack1-4.60.99-5.9.1.ppc64le"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwavpack1-4.60.99-5.9.1.x86_64"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libwavpack1-4.60.99-5.9.1.ppc64le"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libwavpack1-4.60.99-5.9.1.x86_64"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-4.60.99-5.9.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-4.60.99-5.9.1.aarch64"
        },
        "product_reference": "wavpack-4.60.99-5.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-4.60.99-5.9.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-4.60.99-5.9.1.ppc64le"
        },
        "product_reference": "wavpack-4.60.99-5.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-4.60.99-5.9.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-4.60.99-5.9.1.s390x"
        },
        "product_reference": "wavpack-4.60.99-5.9.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-4.60.99-5.9.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-4.60.99-5.9.1.x86_64"
        },
        "product_reference": "wavpack-4.60.99-5.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-4.60.99-5.9.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-devel-4.60.99-5.9.1.aarch64"
        },
        "product_reference": "wavpack-devel-4.60.99-5.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-4.60.99-5.9.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-devel-4.60.99-5.9.1.ppc64le"
        },
        "product_reference": "wavpack-devel-4.60.99-5.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-4.60.99-5.9.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-devel-4.60.99-5.9.1.s390x"
        },
        "product_reference": "wavpack-devel-4.60.99-5.9.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-4.60.99-5.9.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-devel-4.60.99-5.9.1.x86_64"
        },
        "product_reference": "wavpack-devel-4.60.99-5.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libwavpack1-4.60.99-5.9.1.ppc64le"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libwavpack1-4.60.99-5.9.1.s390x"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libwavpack1-4.60.99-5.9.1.x86_64"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:libwavpack1-4.60.99-5.9.1.x86_64"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:libwavpack1-4.60.99-5.9.1.aarch64"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:libwavpack1-4.60.99-5.9.1.ppc64le"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:libwavpack1-4.60.99-5.9.1.s390x"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:libwavpack1-4.60.99-5.9.1.x86_64"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:libwavpack1-4.60.99-5.9.1.x86_64"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libwavpack1-4.60.99-5.9.1.aarch64"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libwavpack1-4.60.99-5.9.1.ppc64le"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libwavpack1-4.60.99-5.9.1.s390x"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libwavpack1-4.60.99-5.9.1.x86_64"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:libwavpack1-4.60.99-5.9.1.aarch64"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:libwavpack1-4.60.99-5.9.1.ppc64le"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:libwavpack1-4.60.99-5.9.1.s390x"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:libwavpack1-4.60.99-5.9.1.x86_64"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwavpack1-4.60.99-5.9.1.aarch64"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwavpack1-4.60.99-5.9.1.ppc64le"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwavpack1-4.60.99-5.9.1.s390x"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.60.99-5.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwavpack1-4.60.99-5.9.1.x86_64"
        },
        "product_reference": "libwavpack1-4.60.99-5.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-35738",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-35738"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later \"unofficial\" releases through 5.3.2, which are also affected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "HPE Helion OpenStack 8:libwavpack1-4.60.99-5.9.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:libwavpack1-4.60.99-5.9.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:libwavpack1-4.60.99-5.9.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:libwavpack1-4.60.99-5.9.1.s390x",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:libwavpack1-4.60.99-5.9.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-BCL:libwavpack1-4.60.99-5.9.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:libwavpack1-4.60.99-5.9.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:libwavpack1-4.60.99-5.9.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:libwavpack1-4.60.99-5.9.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:libwavpack1-4.60.99-5.9.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:libwavpack1-4.60.99-5.9.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:libwavpack1-4.60.99-5.9.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:libwavpack1-4.60.99-5.9.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:libwavpack1-4.60.99-5.9.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:libwavpack1-4.60.99-5.9.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5:libwavpack1-4.60.99-5.9.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5:libwavpack1-4.60.99-5.9.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:libwavpack1-4.60.99-5.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libwavpack1-4.60.99-5.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libwavpack1-4.60.99-5.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwavpack1-4.60.99-5.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwavpack1-4.60.99-5.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libwavpack1-4.60.99-5.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libwavpack1-4.60.99-5.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwavpack1-4.60.99-5.9.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwavpack1-4.60.99-5.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwavpack1-4.60.99-5.9.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwavpack1-4.60.99-5.9.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-4.60.99-5.9.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-4.60.99-5.9.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-4.60.99-5.9.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-4.60.99-5.9.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-devel-4.60.99-5.9.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-devel-4.60.99-5.9.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-devel-4.60.99-5.9.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-devel-4.60.99-5.9.1.x86_64",
          "SUSE OpenStack Cloud 7:libwavpack1-4.60.99-5.9.1.s390x",
          "SUSE OpenStack Cloud 7:libwavpack1-4.60.99-5.9.1.x86_64",
          "SUSE OpenStack Cloud 8:libwavpack1-4.60.99-5.9.1.x86_64",
          "SUSE OpenStack Cloud 9:libwavpack1-4.60.99-5.9.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:libwavpack1-4.60.99-5.9.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:libwavpack1-4.60.99-5.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-35738",
          "url": "https://www.suse.com/security/cve/CVE-2020-35738"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1180414 for CVE-2020-35738",
          "url": "https://bugzilla.suse.com/1180414"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "HPE Helion OpenStack 8:libwavpack1-4.60.99-5.9.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libwavpack1-4.60.99-5.9.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:libwavpack1-4.60.99-5.9.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:libwavpack1-4.60.99-5.9.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:libwavpack1-4.60.99-5.9.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:libwavpack1-4.60.99-5.9.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:libwavpack1-4.60.99-5.9.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:libwavpack1-4.60.99-5.9.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:libwavpack1-4.60.99-5.9.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:libwavpack1-4.60.99-5.9.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libwavpack1-4.60.99-5.9.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libwavpack1-4.60.99-5.9.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libwavpack1-4.60.99-5.9.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libwavpack1-4.60.99-5.9.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:libwavpack1-4.60.99-5.9.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:libwavpack1-4.60.99-5.9.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:libwavpack1-4.60.99-5.9.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:libwavpack1-4.60.99-5.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libwavpack1-4.60.99-5.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libwavpack1-4.60.99-5.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwavpack1-4.60.99-5.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwavpack1-4.60.99-5.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libwavpack1-4.60.99-5.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libwavpack1-4.60.99-5.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwavpack1-4.60.99-5.9.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwavpack1-4.60.99-5.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwavpack1-4.60.99-5.9.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwavpack1-4.60.99-5.9.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-4.60.99-5.9.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-4.60.99-5.9.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-4.60.99-5.9.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-4.60.99-5.9.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-devel-4.60.99-5.9.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-devel-4.60.99-5.9.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-devel-4.60.99-5.9.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-devel-4.60.99-5.9.1.x86_64",
            "SUSE OpenStack Cloud 7:libwavpack1-4.60.99-5.9.1.s390x",
            "SUSE OpenStack Cloud 7:libwavpack1-4.60.99-5.9.1.x86_64",
            "SUSE OpenStack Cloud 8:libwavpack1-4.60.99-5.9.1.x86_64",
            "SUSE OpenStack Cloud 9:libwavpack1-4.60.99-5.9.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:libwavpack1-4.60.99-5.9.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:libwavpack1-4.60.99-5.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "HPE Helion OpenStack 8:libwavpack1-4.60.99-5.9.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libwavpack1-4.60.99-5.9.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:libwavpack1-4.60.99-5.9.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:libwavpack1-4.60.99-5.9.1.s390x",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:libwavpack1-4.60.99-5.9.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:libwavpack1-4.60.99-5.9.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:libwavpack1-4.60.99-5.9.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:libwavpack1-4.60.99-5.9.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:libwavpack1-4.60.99-5.9.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:libwavpack1-4.60.99-5.9.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libwavpack1-4.60.99-5.9.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libwavpack1-4.60.99-5.9.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libwavpack1-4.60.99-5.9.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libwavpack1-4.60.99-5.9.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:libwavpack1-4.60.99-5.9.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:libwavpack1-4.60.99-5.9.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:libwavpack1-4.60.99-5.9.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:libwavpack1-4.60.99-5.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libwavpack1-4.60.99-5.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libwavpack1-4.60.99-5.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwavpack1-4.60.99-5.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libwavpack1-4.60.99-5.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libwavpack1-4.60.99-5.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libwavpack1-4.60.99-5.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwavpack1-4.60.99-5.9.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwavpack1-4.60.99-5.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwavpack1-4.60.99-5.9.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwavpack1-4.60.99-5.9.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-4.60.99-5.9.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-4.60.99-5.9.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-4.60.99-5.9.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-4.60.99-5.9.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-devel-4.60.99-5.9.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-devel-4.60.99-5.9.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-devel-4.60.99-5.9.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-devel-4.60.99-5.9.1.x86_64",
            "SUSE OpenStack Cloud 7:libwavpack1-4.60.99-5.9.1.s390x",
            "SUSE OpenStack Cloud 7:libwavpack1-4.60.99-5.9.1.x86_64",
            "SUSE OpenStack Cloud 8:libwavpack1-4.60.99-5.9.1.x86_64",
            "SUSE OpenStack Cloud 9:libwavpack1-4.60.99-5.9.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:libwavpack1-4.60.99-5.9.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:libwavpack1-4.60.99-5.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-03-24T11:08:30Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-35738"
    }
  ]
}

SUSE-SU-2021:14669-1

Vulnerability from csaf_suse - Published: 2021-03-19 14:48 - Updated: 2021-03-19 14:48

Summary

Security update for wavpack

Notes

Title of the patch

Security update for wavpack

Description of the patch

This update for wavpack fixes the following issues: - CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414).

Patchnames

sleposp3-wavpack-14669,slessp4-wavpack-14669

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for wavpack",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for wavpack fixes the following issues:\n\n- CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414). \n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "sleposp3-wavpack-14669,slessp4-wavpack-14669",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_14669-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2021:14669-1",
        "url": "https://www.suse.com/support/update/announcement/2021/suse-su-202114669-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2021:14669-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008521.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1180414",
        "url": "https://bugzilla.suse.com/1180414"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-35738 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-35738/"
      }
    ],
    "title": "Security update for wavpack",
    "tracking": {
      "current_release_date": "2021-03-19T14:48:23Z",
      "generator": {
        "date": "2021-03-19T14:48:23Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2021:14669-1",
      "initial_release_date": "2021-03-19T14:48:23Z",
      "revision_history": [
        {
          "date": "2021-03-19T14:48:23Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libwavpack1-4.50.1-1.33.1.i586",
                "product": {
                  "name": "libwavpack1-4.50.1-1.33.1.i586",
                  "product_id": "libwavpack1-4.50.1-1.33.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libwavpack1-4.50.1-1.33.1.ppc64",
                "product": {
                  "name": "libwavpack1-4.50.1-1.33.1.ppc64",
                  "product_id": "libwavpack1-4.50.1-1.33.1.ppc64"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libwavpack1-4.50.1-1.33.1.s390x",
                "product": {
                  "name": "libwavpack1-4.50.1-1.33.1.s390x",
                  "product_id": "libwavpack1-4.50.1-1.33.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libwavpack1-4.50.1-1.33.1.x86_64",
                "product": {
                  "name": "libwavpack1-4.50.1-1.33.1.x86_64",
                  "product_id": "libwavpack1-4.50.1-1.33.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Point of Sale 11 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Point of Sale 11 SP3",
                  "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-pos:11:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse_sles:11:sp4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.50.1-1.33.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
          "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:libwavpack1-4.50.1-1.33.1.i586"
        },
        "product_reference": "libwavpack1-4.50.1-1.33.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.50.1-1.33.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libwavpack1-4.50.1-1.33.1.i586"
        },
        "product_reference": "libwavpack1-4.50.1-1.33.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.50.1-1.33.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libwavpack1-4.50.1-1.33.1.ppc64"
        },
        "product_reference": "libwavpack1-4.50.1-1.33.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.50.1-1.33.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libwavpack1-4.50.1-1.33.1.s390x"
        },
        "product_reference": "libwavpack1-4.50.1-1.33.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-4.50.1-1.33.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libwavpack1-4.50.1-1.33.1.x86_64"
        },
        "product_reference": "libwavpack1-4.50.1-1.33.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-35738",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-35738"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later \"unofficial\" releases through 5.3.2, which are also affected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:libwavpack1-4.50.1-1.33.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:libwavpack1-4.50.1-1.33.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:libwavpack1-4.50.1-1.33.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:libwavpack1-4.50.1-1.33.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:libwavpack1-4.50.1-1.33.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-35738",
          "url": "https://www.suse.com/security/cve/CVE-2020-35738"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1180414 for CVE-2020-35738",
          "url": "https://bugzilla.suse.com/1180414"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:libwavpack1-4.50.1-1.33.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:libwavpack1-4.50.1-1.33.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:libwavpack1-4.50.1-1.33.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:libwavpack1-4.50.1-1.33.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:libwavpack1-4.50.1-1.33.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:libwavpack1-4.50.1-1.33.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:libwavpack1-4.50.1-1.33.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:libwavpack1-4.50.1-1.33.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:libwavpack1-4.50.1-1.33.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:libwavpack1-4.50.1-1.33.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-03-19T14:48:23Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-35738"
    }
  ]
}

SUSE-SU-2021:0186-1

Vulnerability from csaf_suse - Published: 2021-01-21 13:56 - Updated: 2021-01-21 13:56

Summary

Security update for wavpack

Notes

Title of the patch

Security update for wavpack

Description of the patch

Patchnames

SUSE-2021-186,SUSE-SLE-Module-Basesystem-15-SP2-2021-186,SUSE-SLE-Module-Basesystem-15-SP3-2021-186,SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-186,SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-186,SUSE-SLE-Product-HPC-15-2021-186,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-186,SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-186,SUSE-SLE-Product-SLES-15-2021-186,SUSE-SLE-Product-SLES-15-SP1-BCL-2021-186,SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-186,SUSE-SLE-Product-SLES_SAP-15-2021-186,SUSE-SLE-Product-SLES_SAP-15-SP1-2021-186,SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-186,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-186,SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-186,SUSE-Storage-6-2021-186

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for wavpack",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for wavpack fixes the following issues:\n\n- Update to version 5.4.0\n  * CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414) \n  * fixed: disable A32 asm code when building for Apple silicon\n  * fixed: issues with Adobe-style floating-point WAV files\n  * added: --normalize-floats option to wvunpack for correctly\n             exporting un-normalized floating-point files\n- Update to version 5.3.0 \n  * fixed: OSS-Fuzz issues 19925, 19928, 20060, 20448\n  * fixed: trailing garbage characters on imported ID3v2 TXXX tags\n  * fixed: various minor undefined behavior and memory access issues\n  * fixed: sanitize tag extraction names for length and path inclusion\n  * improved: reformat wvunpack \u0027help\u0027 and split into long + short versions\n  * added: regression testing to Travis CI for OSS-Fuzz crashers\n- Updated to version 5.2.0 \n  *fixed: potential security issues including the following CVEs:\n         CVE-2018-19840, CVE-2018-19841, CVE-2018-10536 (bsc#1091344),\n         CVE-2018-10537 (bsc#1091343) CVE-2018-10538 (bsc#1091342),  \n         CVE-2018-10539 (bsc#1091341), CVE-2018-10540 (bsc#1091340), \n         CVE-2018-7254,  CVE-2018-7253, CVE-2018-6767, CVE-2019-11498 \n         and CVE-2019-1010319\n  * added: support for CMake, Travis CI, and Google\u0027s OSS-fuzz\n  * fixed: use correction file for encode verify (pipe input, Windows)\n  * fixed: correct WAV header with actual length (pipe input, -i option)\n  * fixed: thumb interworking and not needing v6 architecture (ARM asm)\n  * added: handle more ID3v2.3 tag items and from all file types\n  * fixed: coredump on Sparc64 (changed MD5 implementation)\n  * fixed: handle invalid ID3v2.3 tags from sacd-ripper\n  * fixed: several corner-case memory leaks\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2021-186,SUSE-SLE-Module-Basesystem-15-SP2-2021-186,SUSE-SLE-Module-Basesystem-15-SP3-2021-186,SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-186,SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-186,SUSE-SLE-Product-HPC-15-2021-186,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-186,SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-186,SUSE-SLE-Product-SLES-15-2021-186,SUSE-SLE-Product-SLES-15-SP1-BCL-2021-186,SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-186,SUSE-SLE-Product-SLES_SAP-15-2021-186,SUSE-SLE-Product-SLES_SAP-15-SP1-2021-186,SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-186,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-186,SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-186,SUSE-Storage-6-2021-186",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_0186-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2021:0186-1",
        "url": "https://www.suse.com/support/update/announcement/2021/suse-su-20210186-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2021:0186-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-January/008234.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1091340",
        "url": "https://bugzilla.suse.com/1091340"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1091341",
        "url": "https://bugzilla.suse.com/1091341"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1091342",
        "url": "https://bugzilla.suse.com/1091342"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1091343",
        "url": "https://bugzilla.suse.com/1091343"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1091344",
        "url": "https://bugzilla.suse.com/1091344"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1180414",
        "url": "https://bugzilla.suse.com/1180414"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-10536 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-10536/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-10537 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-10537/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-10538 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-10538/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-10539 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-10539/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-10540 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-10540/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-19840 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-19840/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-19841 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-19841/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-6767 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-6767/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-7253 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-7253/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-7254 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-7254/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-1010319 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-1010319/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-11498 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-11498/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-35738 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-35738/"
      }
    ],
    "title": "Security update for wavpack",
    "tracking": {
      "current_release_date": "2021-01-21T13:56:16Z",
      "generator": {
        "date": "2021-01-21T13:56:16Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2021:0186-1",
      "initial_release_date": "2021-01-21T13:56:16Z",
      "revision_history": [
        {
          "date": "2021-01-21T13:56:16Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libwavpack1-5.4.0-4.9.1.aarch64",
                "product": {
                  "name": "libwavpack1-5.4.0-4.9.1.aarch64",
                  "product_id": "libwavpack1-5.4.0-4.9.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-5.4.0-4.9.1.aarch64",
                "product": {
                  "name": "wavpack-5.4.0-4.9.1.aarch64",
                  "product_id": "wavpack-5.4.0-4.9.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-devel-5.4.0-4.9.1.aarch64",
                "product": {
                  "name": "wavpack-devel-5.4.0-4.9.1.aarch64",
                  "product_id": "wavpack-devel-5.4.0-4.9.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libwavpack1-64bit-5.4.0-4.9.1.aarch64_ilp32",
                "product": {
                  "name": "libwavpack1-64bit-5.4.0-4.9.1.aarch64_ilp32",
                  "product_id": "libwavpack1-64bit-5.4.0-4.9.1.aarch64_ilp32"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64_ilp32"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libwavpack1-5.4.0-4.9.1.i586",
                "product": {
                  "name": "libwavpack1-5.4.0-4.9.1.i586",
                  "product_id": "libwavpack1-5.4.0-4.9.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-5.4.0-4.9.1.i586",
                "product": {
                  "name": "wavpack-5.4.0-4.9.1.i586",
                  "product_id": "wavpack-5.4.0-4.9.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-devel-5.4.0-4.9.1.i586",
                "product": {
                  "name": "wavpack-devel-5.4.0-4.9.1.i586",
                  "product_id": "wavpack-devel-5.4.0-4.9.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libwavpack1-5.4.0-4.9.1.ppc64le",
                "product": {
                  "name": "libwavpack1-5.4.0-4.9.1.ppc64le",
                  "product_id": "libwavpack1-5.4.0-4.9.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-5.4.0-4.9.1.ppc64le",
                "product": {
                  "name": "wavpack-5.4.0-4.9.1.ppc64le",
                  "product_id": "wavpack-5.4.0-4.9.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-devel-5.4.0-4.9.1.ppc64le",
                "product": {
                  "name": "wavpack-devel-5.4.0-4.9.1.ppc64le",
                  "product_id": "wavpack-devel-5.4.0-4.9.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libwavpack1-5.4.0-4.9.1.s390x",
                "product": {
                  "name": "libwavpack1-5.4.0-4.9.1.s390x",
                  "product_id": "libwavpack1-5.4.0-4.9.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-5.4.0-4.9.1.s390x",
                "product": {
                  "name": "wavpack-5.4.0-4.9.1.s390x",
                  "product_id": "wavpack-5.4.0-4.9.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-devel-5.4.0-4.9.1.s390x",
                "product": {
                  "name": "wavpack-devel-5.4.0-4.9.1.s390x",
                  "product_id": "wavpack-devel-5.4.0-4.9.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libwavpack1-5.4.0-4.9.1.x86_64",
                "product": {
                  "name": "libwavpack1-5.4.0-4.9.1.x86_64",
                  "product_id": "libwavpack1-5.4.0-4.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libwavpack1-32bit-5.4.0-4.9.1.x86_64",
                "product": {
                  "name": "libwavpack1-32bit-5.4.0-4.9.1.x86_64",
                  "product_id": "libwavpack1-32bit-5.4.0-4.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-5.4.0-4.9.1.x86_64",
                "product": {
                  "name": "wavpack-5.4.0-4.9.1.x86_64",
                  "product_id": "wavpack-5.4.0-4.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "wavpack-devel-5.4.0-4.9.1.x86_64",
                "product": {
                  "name": "wavpack-devel-5.4.0-4.9.1.x86_64",
                  "product_id": "wavpack-devel-5.4.0-4.9.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
                  "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
                  "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-desktop-applications:15:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-espos:15"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-ltss:15"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-espos:15:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP1-BCL",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP1-BCL",
                  "product_id": "SUSE Linux Enterprise Server 15 SP1-BCL",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_bcl:15:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Manager Proxy 4.0",
                "product": {
                  "name": "SUSE Manager Proxy 4.0",
                  "product_id": "SUSE Manager Proxy 4.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-manager-proxy:4.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Manager Retail Branch Server 4.0",
                "product": {
                  "name": "SUSE Manager Retail Branch Server 4.0",
                  "product_id": "SUSE Manager Retail Branch Server 4.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-manager-retail-branch-server:4.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Manager Server 4.0",
                "product": {
                  "name": "SUSE Manager Server 4.0",
                  "product_id": "SUSE Manager Server 4.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-manager-server:4.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Enterprise Storage 6",
                "product": {
                  "name": "SUSE Enterprise Storage 6",
                  "product_id": "SUSE Enterprise Storage 6",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:ses:6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64"
        },
        "product_reference": "wavpack-5.4.0-4.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le"
        },
        "product_reference": "wavpack-5.4.0-4.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-5.4.0-4.9.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x"
        },
        "product_reference": "wavpack-5.4.0-4.9.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "wavpack-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64"
        },
        "product_reference": "wavpack-devel-5.4.0-4.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le"
        },
        "product_reference": "wavpack-devel-5.4.0-4.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-5.4.0-4.9.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x"
        },
        "product_reference": "wavpack-devel-5.4.0-4.9.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "wavpack-devel-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64"
        },
        "product_reference": "wavpack-5.4.0-4.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "wavpack-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64"
        },
        "product_reference": "wavpack-devel-5.4.0-4.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "wavpack-devel-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64"
        },
        "product_reference": "wavpack-5.4.0-4.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "wavpack-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64"
        },
        "product_reference": "wavpack-devel-5.4.0-4.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "wavpack-devel-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "wavpack-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "wavpack-devel-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64"
        },
        "product_reference": "wavpack-5.4.0-4.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le"
        },
        "product_reference": "wavpack-5.4.0-4.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-5.4.0-4.9.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x"
        },
        "product_reference": "wavpack-5.4.0-4.9.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "wavpack-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-5.4.0-4.9.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64"
        },
        "product_reference": "wavpack-devel-5.4.0-4.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le"
        },
        "product_reference": "wavpack-devel-5.4.0-4.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-5.4.0-4.9.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x"
        },
        "product_reference": "wavpack-devel-5.4.0-4.9.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "wavpack-devel-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le"
        },
        "product_reference": "wavpack-5.4.0-4.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "wavpack-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-5.4.0-4.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le"
        },
        "product_reference": "wavpack-devel-5.4.0-4.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-5.4.0-4.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "wavpack-devel-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Manager Proxy 4.0",
          "product_id": "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Proxy 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-5.4.0-4.9.1.x86_64 as component of SUSE Manager Proxy 4.0",
          "product_id": "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "wavpack-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Proxy 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-5.4.0-4.9.1.x86_64 as component of SUSE Manager Proxy 4.0",
          "product_id": "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "wavpack-devel-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Proxy 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Manager Retail Branch Server 4.0",
          "product_id": "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Retail Branch Server 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-5.4.0-4.9.1.x86_64 as component of SUSE Manager Retail Branch Server 4.0",
          "product_id": "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "wavpack-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Retail Branch Server 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-5.4.0-4.9.1.x86_64 as component of SUSE Manager Retail Branch Server 4.0",
          "product_id": "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "wavpack-devel-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Retail Branch Server 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.ppc64le as component of SUSE Manager Server 4.0",
          "product_id": "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Manager Server 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.s390x as component of SUSE Manager Server 4.0",
          "product_id": "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.s390x",
        "relates_to_product_reference": "SUSE Manager Server 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Manager Server 4.0",
          "product_id": "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Server 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-5.4.0-4.9.1.ppc64le as component of SUSE Manager Server 4.0",
          "product_id": "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le"
        },
        "product_reference": "wavpack-5.4.0-4.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Manager Server 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-5.4.0-4.9.1.s390x as component of SUSE Manager Server 4.0",
          "product_id": "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x"
        },
        "product_reference": "wavpack-5.4.0-4.9.1.s390x",
        "relates_to_product_reference": "SUSE Manager Server 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-5.4.0-4.9.1.x86_64 as component of SUSE Manager Server 4.0",
          "product_id": "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "wavpack-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Server 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-5.4.0-4.9.1.ppc64le as component of SUSE Manager Server 4.0",
          "product_id": "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le"
        },
        "product_reference": "wavpack-devel-5.4.0-4.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Manager Server 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-5.4.0-4.9.1.s390x as component of SUSE Manager Server 4.0",
          "product_id": "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x"
        },
        "product_reference": "wavpack-devel-5.4.0-4.9.1.s390x",
        "relates_to_product_reference": "SUSE Manager Server 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-5.4.0-4.9.1.x86_64 as component of SUSE Manager Server 4.0",
          "product_id": "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "wavpack-devel-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Server 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.aarch64 as component of SUSE Enterprise Storage 6",
          "product_id": "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.aarch64",
        "relates_to_product_reference": "SUSE Enterprise Storage 6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libwavpack1-5.4.0-4.9.1.x86_64 as component of SUSE Enterprise Storage 6",
          "product_id": "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "libwavpack1-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Enterprise Storage 6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-5.4.0-4.9.1.aarch64 as component of SUSE Enterprise Storage 6",
          "product_id": "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64"
        },
        "product_reference": "wavpack-5.4.0-4.9.1.aarch64",
        "relates_to_product_reference": "SUSE Enterprise Storage 6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-5.4.0-4.9.1.x86_64 as component of SUSE Enterprise Storage 6",
          "product_id": "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "wavpack-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Enterprise Storage 6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-5.4.0-4.9.1.aarch64 as component of SUSE Enterprise Storage 6",
          "product_id": "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64"
        },
        "product_reference": "wavpack-devel-5.4.0-4.9.1.aarch64",
        "relates_to_product_reference": "SUSE Enterprise Storage 6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wavpack-devel-5.4.0-4.9.1.x86_64 as component of SUSE Enterprise Storage 6",
          "product_id": "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64"
        },
        "product_reference": "wavpack-devel-5.4.0-4.9.1.x86_64",
        "relates_to_product_reference": "SUSE Enterprise Storage 6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-10536",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-10536"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-10536",
          "url": "https://www.suse.com/security/cve/CVE-2018-10536"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1091344 for CVE-2018-10536",
          "url": "https://bugzilla.suse.com/1091344"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-21T13:56:16Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-10536"
    },
    {
      "cve": "CVE-2018-10537",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-10537"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-10537",
          "url": "https://www.suse.com/security/cve/CVE-2018-10537"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1091343 for CVE-2018-10537",
          "url": "https://bugzilla.suse.com/1091343"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-21T13:56:16Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-10537"
    },
    {
      "cve": "CVE-2018-10538",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-10538"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-10538",
          "url": "https://www.suse.com/security/cve/CVE-2018-10538"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1091342 for CVE-2018-10538",
          "url": "https://bugzilla.suse.com/1091342"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-21T13:56:16Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-10538"
    },
    {
      "cve": "CVE-2018-10539",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-10539"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-10539",
          "url": "https://www.suse.com/security/cve/CVE-2018-10539"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1091341 for CVE-2018-10539",
          "url": "https://bugzilla.suse.com/1091341"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-21T13:56:16Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-10539"
    },
    {
      "cve": "CVE-2018-10540",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-10540"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-10540",
          "url": "https://www.suse.com/security/cve/CVE-2018-10540"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1091340 for CVE-2018-10540",
          "url": "https://bugzilla.suse.com/1091340"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-21T13:56:16Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-10540"
    },
    {
      "cve": "CVE-2018-19840",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-19840"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-19840",
          "url": "https://www.suse.com/security/cve/CVE-2018-19840"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1120930 for CVE-2018-19840",
          "url": "https://bugzilla.suse.com/1120930"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-21T13:56:16Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-19840"
    },
    {
      "cve": "CVE-2018-19841",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-19841"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-19841",
          "url": "https://www.suse.com/security/cve/CVE-2018-19841"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1120929 for CVE-2018-19841",
          "url": "https://bugzilla.suse.com/1120929"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-21T13:56:16Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-19841"
    },
    {
      "cve": "CVE-2018-6767",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-6767"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-6767",
          "url": "https://www.suse.com/security/cve/CVE-2018-6767"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1079746 for CVE-2018-6767",
          "url": "https://bugzilla.suse.com/1079746"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-21T13:56:16Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-6767"
    },
    {
      "cve": "CVE-2018-7253",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-7253"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-7253",
          "url": "https://www.suse.com/security/cve/CVE-2018-7253"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1081692 for CVE-2018-7253",
          "url": "https://bugzilla.suse.com/1081692"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-21T13:56:16Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-7253"
    },
    {
      "cve": "CVE-2018-7254",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-7254"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-7254",
          "url": "https://www.suse.com/security/cve/CVE-2018-7254"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1081693 for CVE-2018-7254",
          "url": "https://bugzilla.suse.com/1081693"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-21T13:56:16Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-7254"
    },
    {
      "cve": "CVE-2019-1010319",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-1010319"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-1010319",
          "url": "https://www.suse.com/security/cve/CVE-2019-1010319"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141334 for CVE-2019-1010319",
          "url": "https://bugzilla.suse.com/1141334"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-21T13:56:16Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-1010319"
    },
    {
      "cve": "CVE-2019-11498",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-11498"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a \"Conditional jump or move depends on uninitialised value\" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-11498",
          "url": "https://www.suse.com/security/cve/CVE-2019-11498"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1133384 for CVE-2019-11498",
          "url": "https://bugzilla.suse.com/1133384"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-21T13:56:16Z",
          "details": "low"
        }
      ],
      "title": "CVE-2019-11498"
    },
    {
      "cve": "CVE-2020-35738",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-35738"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later \"unofficial\" releases through 5.3.2, which are also affected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
          "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-35738",
          "url": "https://www.suse.com/security/cve/CVE-2020-35738"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1180414 for CVE-2020-35738",
          "url": "https://bugzilla.suse.com/1180414"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Enterprise Storage 6:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Proxy 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:libwavpack1-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-5.4.0-4.9.1.x86_64",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.ppc64le",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.s390x",
            "SUSE Manager Server 4.0:wavpack-devel-5.4.0-4.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-21T13:56:16Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-35738"
    }
  ]
}

GSD-2020-35738

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2020-35738

Aliases

CVE-2020-35738

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-35738",
    "description": "WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later \"unofficial\" releases through 5.3.2, which are also affected.",
    "id": "GSD-2020-35738",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-35738.html",
      "https://ubuntu.com/security/CVE-2020-35738",
      "https://advisories.mageia.org/CVE-2020-35738.html",
      "https://security.archlinux.org/CVE-2020-35738"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-35738"
      ],
      "details": "WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later \"unofficial\" releases through 5.3.2, which are also affected.",
      "id": "GSD-2020-35738",
      "modified": "2023-12-13T01:22:00.897698Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-35738",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later \"unofficial\" releases through 5.3.2, which are also affected."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/dbry/WavPack/issues/91",
            "refsource": "MISC",
            "url": "https://github.com/dbry/WavPack/issues/91"
          },
          {
            "name": "[debian-lts-announce] 20210115 [SECURITY] [DLA 2525-1] wavpack security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html"
          },
          {
            "name": "FEDORA-2021-5c83efb61c",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2YZLKYE66EU4XRHTABV5LB2G7ZDZ422F/"
          },
          {
            "name": "FEDORA-2021-de45e7bb88",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PENN4ZXRPZULEJOYTTLUZMBZ5H46QTUC/"
          },
          {
            "name": "FEDORA-2021-2e2fc2eac6",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/76B7K6F74FDQATG7FECXR5KPIG52O2VL/"
          },
          {
            "name": "FEDORA-2021-b7826fcedf",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDFY4NGGDUTLVID5PNVU7LL2G2ZJLZFY/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:wavpack:wavpack:5.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-35738"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later \"unofficial\" releases through 5.3.2, which are also affected."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                },
                {
                  "lang": "en",
                  "value": "CWE-190"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/dbry/WavPack/issues/91",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/dbry/WavPack/issues/91"
            },
            {
              "name": "[debian-lts-announce] 20210115 [SECURITY] [DLA 2525-1] wavpack security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html"
            },
            {
              "name": "FEDORA-2021-5c83efb61c",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2YZLKYE66EU4XRHTABV5LB2G7ZDZ422F/"
            },
            {
              "name": "FEDORA-2021-de45e7bb88",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PENN4ZXRPZULEJOYTTLUZMBZ5H46QTUC/"
            },
            {
              "name": "FEDORA-2021-b7826fcedf",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDFY4NGGDUTLVID5PNVU7LL2G2ZJLZFY/"
            },
            {
              "name": "FEDORA-2021-2e2fc2eac6",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/76B7K6F74FDQATG7FECXR5KPIG52O2VL/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 4.2
        }
      },
      "lastModifiedDate": "2021-07-21T11:39Z",
      "publishedDate": "2020-12-28T04:15Z"
    }
  }
}

FKIE_CVE-2020-35738

Vulnerability from fkie_nvd - Published: 2020-12-28 04:15 - Updated: 2024-11-21 05:27

Severity ?

6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

Summary

References

URL	Tags
cve@mitre.org	https://github.com/dbry/WavPack/issues/91	Exploit, Patch, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2YZLKYE66EU4XRHTABV5LB2G7ZDZ422F/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/76B7K6F74FDQATG7FECXR5KPIG52O2VL/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PENN4ZXRPZULEJOYTTLUZMBZ5H46QTUC/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VDFY4NGGDUTLVID5PNVU7LL2G2ZJLZFY/
af854a3a-2127-422b-91ae-364da2661108	https://github.com/dbry/WavPack/issues/91	Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2YZLKYE66EU4XRHTABV5LB2G7ZDZ422F/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/76B7K6F74FDQATG7FECXR5KPIG52O2VL/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PENN4ZXRPZULEJOYTTLUZMBZ5H46QTUC/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VDFY4NGGDUTLVID5PNVU7LL2G2ZJLZFY/

Impacted products

Vendor	Product	Version
wavpack	wavpack	5.3.0
debian	debian_linux	9.0
fedoraproject	fedora	32
fedoraproject	fedora	33

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:wavpack:wavpack:5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA33A21-C9AB-41D9-B1D1-4E3171B56C27",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later \"unofficial\" releases through 5.3.2, which are also affected."
    },
    {
      "lang": "es",
      "value": "WavPack versi\u00f3n 5.3.0, presenta una escritura fuera de l\u00edmites en la funci\u00f3n WavpackPackSamples en el archivo pack_utils.c debido a un desbordamiento de enteros en un argumento malloc.\u0026#xa0;NOTA: algunos terceros afirman que existen versiones \"unofficial\" posteriores hasta la 5.3.2, que tambi\u00e9n est\u00e1n afectadas"
    }
  ],
  "id": "CVE-2020-35738",
  "lastModified": "2024-11-21T05:27:59.120",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 4.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-28T04:15:12.167",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/dbry/WavPack/issues/91"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2YZLKYE66EU4XRHTABV5LB2G7ZDZ422F/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/76B7K6F74FDQATG7FECXR5KPIG52O2VL/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PENN4ZXRPZULEJOYTTLUZMBZ5H46QTUC/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VDFY4NGGDUTLVID5PNVU7LL2G2ZJLZFY/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/dbry/WavPack/issues/91"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2YZLKYE66EU4XRHTABV5LB2G7ZDZ422F/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/76B7K6F74FDQATG7FECXR5KPIG52O2VL/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PENN4ZXRPZULEJOYTTLUZMBZ5H46QTUC/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VDFY4NGGDUTLVID5PNVU7LL2G2ZJLZFY/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        },
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2021-44695

Vulnerability from cnvd - Published: 2021-06-24

Title

WavPack越界写入漏洞（CNVD-2021-44695）

Description

WavPack是一个自由、开放源代码的无损音频压缩格式，其文件的后缀名为.wv。 WavPack 5.3.0中的pack_utils.c中的WavpackPackSamples存在越界写入漏洞，该漏洞源于malloc参数存在整数溢出，攻击者可利用该漏洞导致拒绝服务。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://github.com/dbry/WavPack

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-35738

Impacted products

Name
WavPack WavPack 5.3.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-35738",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-35738"
    }
  },
  "description": "WavPack\u662f\u4e00\u4e2a\u81ea\u7531\u3001\u5f00\u653e\u6e90\u4ee3\u7801\u7684\u65e0\u635f\u97f3\u9891\u538b\u7f29\u683c\u5f0f\uff0c\u5176\u6587\u4ef6\u7684\u540e\u7f00\u540d\u4e3a.wv\u3002\n\nWavPack 5.3.0\u4e2d\u7684pack_utils.c\u4e2d\u7684WavpackPackSamples\u5b58\u5728\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8emalloc\u53c2\u6570\u5b58\u5728\u6574\u6570\u6ea2\u51fa\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://github.com/dbry/WavPack",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-44695",
  "openTime": "2021-06-24",
  "products": {
    "product": "WavPack WavPack 5.3.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-35738",
  "serverity": "\u4e2d",
  "submitTime": "2020-12-29",
  "title": "WavPack\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\uff08CNVD-2021-44695\uff09"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-35738 (GCVE-0-2020-35738)

Tags

Sightings

Nomenclature