Published: 19/10/2017 Updated: 24/06/2021

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sound exchange project sound exchange 14.4.2
debian debian linux 8.0
debian debian linux 7.0

Debian Bug report logs - #882144 sox: CVE-2017-15642: Use-after-free in lsx_aiffstartread Package: src:sox; Maintainer for src:sox is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 19 Nov 2017 16:12:02 UTC Severity: important Tags: ...

Debian Bug report logs - #878808 sox: CVE-2017-15372: stack-buffer-overflow src/adpcmc:126 in lsx_ms_adpcm_block_expand_i Package: src:sox; Maintainer for src:sox is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 16 Oct 2017 19:51:0 ...

In lsx_aiffstartread in aiffc in Sound eXchange (SoX) 1442, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file ...

CWE-416 https://sourceforge.net/p/sox/bugs/298/https://lists.debian.org/debian-lts-announce/2017/11/msg00043.html https://sourceforge.net/p/sox/bugs/297/https://security.gentoo.org/glsa/201810-02 https://lists.debian.org/debian-lts-announce/2019/02/msg00042.html https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882144 https://access.redhat.com/security/cve/cve-2017-15642

CVE-2017-15642

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect