Published: 16/10/2017 Updated: 24/06/2021

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sound exchange project sound exchange 14.4.2
debian debian linux 7.0
debian debian linux 8.0

Debian Bug report logs - #878810 sox: CVE-2017-15370: heap-buffer-overflow src/ima_rwc:126 in ImaExpandS Package: src:sox; Maintainer for src:sox is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 16 Oct 2017 20:00:02 UTC Severity: ...

There is a heap-based buffer overflow in the ImaExpandS function of ima_rwc in Sound eXchange (SoX) 1442 A Crafted input will lead to a denial of service attack during conversion of an audio file ...

There is a heap-based buffer overflow in the ImaExpandS function of ima_rwc in Sound eXchange (SoX) 1442 A crafted input will lead to a denial of service attack during conversion of an audio file ...

CWE-119 https://bugzilla.redhat.com/show_bug.cgi?id=1500554 https://lists.debian.org/debian-lts-announce/2017/11/msg00043.html https://security.gentoo.org/glsa/201810-02 https://lists.debian.org/debian-lts-announce/2019/02/msg00042.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878810 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2017-15370 https://security.archlinux.org/CVE-2017-15370

CVE-2017-15370

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect