Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 538
Alerts This Week
Warning Icon 1 538

Debian 8: DLA-1705-1 Moderate: SoX Denial Of Service vulnerabilities

debian lts
Calendar Grey March 5, 2019
Dist Debian Esm H88
Package : sox Version : 14.4.1-5+deb8u3 CVE ID : CVE-2017-11332 CVE-2017-11358 CVE-2017-11359 CVE-20
Multiple vulnerabilities have been discovered in SoX (Sound eXchange), a sound processing program: CVE-2017-11332

Summary

The startread function (wav.c) is affected by a divide-by-zero
vulnerability when processing WAV file with zero channel count. This
flaw might be leveraged by remote attackers using a crafted WAV file
to perform denial of service (application crash).

CVE-2017-11358

The read_samples function (hcom.c) is affected by an invalid memory read
vulnerability when processing HCOM files with invalid dictionnaries. This
flaw might be leveraged by remote attackers using a crafted HCOM file to
perform denial of service (application crash).

CVE-2017-11359

The wavwritehdr function (wav.c) is affected by a divide-by-zero
vulnerability when processing WAV files with invalid channel count over
16 bits. This flaw might be leveraged by remote attackers using a crafted
WAV file to perform denial of service (application crash).

CVE-2017-15371

The sox_append_comment() function (formats.c) is vulnerable to a reachable

Read the Full Advisory


Package: sox
Version: 14.4.1-5+deb8u3
CVE ID: CVE-2017-11332 CVE-2017-11358 CVE-2017-11359 CVE-2017-15371
Debian Bug: 878809 870328

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.