Published: 16/10/2017 Updated: 24/06/2021

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sound exchange project sound exchange 14.4.2
debian debian linux 7.0
debian debian linux 8.0

Debian Bug report logs - #878809 sox: CVE-2017-15371 Package: src:sox; Maintainer for src:sox is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 16 Oct 2017 19:57:02 UTC Severity: important Tags: security, upstream Found in version ...

There is a reachable assertion abort in the function sox_append_comment() in formatsc in Sound eXchange (SoX) 1442 A Crafted input will lead to a denial of service attack during conversion of an audio file ...

There is a reachable assertion abort in the function sox_append_comment() in formatsc in Sound eXchange (SoX) 1442 A crafted input will lead to a denial of service attack during conversion of an audio file ...

CWE-617 https://bugzilla.redhat.com/show_bug.cgi?id=1500570 https://lists.debian.org/debian-lts-announce/2017/11/msg00043.html https://security.gentoo.org/glsa/201810-02 https://lists.debian.org/debian-lts-announce/2019/03/msg00007.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878809 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2017-15371 https://security.archlinux.org/CVE-2017-15371

CVE-2017-15371

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect