CVE-2022-2476 in wavpack
Summary
by MITRE • 07/20/2022
A null pointer dereference bug was found in wavpack-5.4.0 The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ===================================================================84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x561b47a970c6 bp 0x7fff13952fb0 sp 0x7fff1394fca0 T0) ==84257==The signal is caused by a WRITE memory access. ==84257==Hint: address points to the zero page. #0 0x561b47a970c5 in main cli/wvunpack.c:834 #1 0x7efc4f5c0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) #2 0x561b47a945ed in _start (/usr/local/bin/wvunpack+0xa5ed) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV cli/wvunpack.c:834 in main ==84257==ABORTING
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 05/25/2026
The vulnerability identified as CVE-2022-2476 represents a critical null pointer dereference flaw within the wavpack-5.4.0 audio processing library. This issue manifests during the execution of the wvunpack utility, which is designed to decompress wavpack audio files. The vulnerability occurs when the application attempts to access memory at address zero, indicating a fundamental failure in pointer validation within the software's code execution path. The AddressSanitizer log reveals that the segmentation fault originates from line 834 in the cli/wvunpack.c source file, where the program attempts to write to a null pointer reference. This particular memory access pattern suggests that the application fails to properly validate input parameters or file structures before attempting to dereference pointers, leading to an immediate system crash when processing malformed or specially crafted wavpack files.
The technical nature of this vulnerability aligns with CWE-476, which specifically addresses null pointer dereference conditions in software implementations. This weakness creates a direct pathway for denial-of-service attacks, as malicious actors can craft specific wavpack files that trigger the null pointer dereference during decompression operations. The operational impact extends beyond simple service disruption, as the vulnerability can be exploited to crash applications that utilize the wavpack library, potentially affecting media players, audio processing systems, and any software that incorporates wavpack decompression functionality. The zero page memory access pattern indicates that the software fails to properly initialize or validate critical data structures before attempting to access them, creating a predictable crash scenario that can be reliably reproduced through controlled input manipulation.
From an attack perspective, this vulnerability fits within the ATT&CK framework under the T1499.004 technique category, specifically targeting application or system recovery mechanisms through denial-of-service conditions. The exploitability of CVE-2022-2476 is relatively straightforward since it requires only the creation of a malformed wavpack file to trigger the null pointer dereference. This makes it particularly dangerous in environments where automated processing of user-uploaded audio files occurs, such as media streaming platforms, content management systems, or collaborative software environments. The vulnerability's impact is amplified when considering that wavpack is widely used across various multimedia applications, meaning a single exploit could potentially affect multiple software ecosystems simultaneously. The segmentation fault occurs during the critical processing phase of audio decompression, making it difficult to implement graceful error handling since the application crashes before it can properly report or recover from the malformed input condition.
The recommended mitigation strategies for CVE-2022-2476 involve immediate patching of the wavpack library to version 5.4.1 or later, which contains the necessary code fixes to properly validate pointers before dereferencing. System administrators should also implement input validation measures at the application level, ensuring that all wavpack files undergo thorough integrity checks before being processed by applications that utilize the library. Additionally, deploying runtime protections such as stack canaries, address space layout randomization, and heap metadata protection can help detect and prevent exploitation attempts. Organizations should also consider implementing network-based intrusion detection systems that can identify suspicious file upload patterns that might indicate attempts to exploit this vulnerability. The fix typically involves adding proper null pointer checks in the affected code path, ensuring that all pointers are validated before access and that appropriate error handling routines are implemented to gracefully manage malformed input data. Regular security audits of multimedia processing libraries and comprehensive testing of input validation mechanisms should be implemented to prevent similar vulnerabilities from emerging in the future.