Published: 31/07/2017 Updated: 08/03/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote malicious users to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sound exchange project sound exchange 14.4.2
debian debian linux 7.0
debian debian linux 8.0

Debian Bug report logs - #870328 sox: CVE-2017-11332 CVE-2017-11358 CVE-2017-11359 Package: src:sox; Maintainer for src:sox is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 1 Aug 2017 05:21:01 UTC Severity: important Tags: securit ...

The startread function in wavc in Sound eXchange (SoX) 1442 allows attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file ...

Sound eXchange (SoX) multiple vulnerabilities ================ Author : qflbwu =============== Introduction: ============= SoX is a cross-platform (Windows, Linux, MacOS X, etc) command line utility that can convert various formats of computer audio files in to other formats It can also apply various effects to these sound files, and, as an ad ...

CWE-369 http://seclists.org/fulldisclosure/2017/Jul/81 https://www.exploit-db.com/exploits/42398/https://lists.debian.org/debian-lts-announce/2017/11/msg00043.html https://security.gentoo.org/glsa/201810-02 https://lists.debian.org/debian-lts-announce/2019/03/msg00007.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870328 https://nvd.nist.gov https://www.exploit-db.com/exploits/42398/https://security.archlinux.org/CVE-2017-11332

CVE-2017-11332

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect