The readnewconfiginfo function in openutils.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.
{ "urgency": "not yet assigned" }