Debian: DLA-1695-1 Critical: SoX Denial Of Service Issues
debian lts
February 28, 2019
Multiple vulnerabilities have been discovered in SoX (Sound eXchange), a sound processing program: CVE-2017-15370
Topics Covered
Summary
The ImaAdpcmReadBlock function (src/wav.c) is affected by a heap buffer
overflow. This vulnerability might be leveraged by remote attackers using a crafted WAV file to cause denial of service (application crash).
CVE-2017-15372
The lsx_ms_adpcm_block_expand_i function (adpcm.c) is affected by a
stack based buffer overflow. This vulnerability might be leveraged by
remote attackers using a crafted audio file to cause denial of service
(application crash).
CVE-2017-15642
The lsx_aiffstartread function (aiff.c) is affected by a use-after-free
vulnerability. This flaw might be leveraged by remote attackers using a
crafted AIFF file to cause denial of service (application crash).
CVE-2017-18189
The startread function (xa.c) is affected by a null pointer dereference
vulnerability. This flaw might be leveraged by remote attackers using a
crafted Maxis XA audio file to cause denial of service (application
crash).
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: sox
Version: 14.4.1-5+deb8u2
CVE ID: CVE-2017-15370 CVE-2017-15372 CVE-2017-15642 CVE-2017-18189
Debian Bug: 878808, 878810, 882144, 881121
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!