There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1500570 | Exploit Issue Tracking Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2017/11/msg00043.html | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2019/03/msg00007.html | Third Party Advisory |
https://security.gentoo.org/glsa/201810-02 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1500570 | Exploit Issue Tracking Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2017/11/msg00043.html | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2019/03/msg00007.html | Third Party Advisory |
https://security.gentoo.org/glsa/201810-02 | Third Party Advisory |
Configurations
History
21 Nov 2024, 03:14
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugzilla.redhat.com/show_bug.cgi?id=1500570 - Exploit, Issue Tracking, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2017/11/msg00043.html - Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2019/03/msg00007.html - Third Party Advisory | |
References | () https://security.gentoo.org/glsa/201810-02 - Third Party Advisory |
24 Jun 2021, 15:16
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:sound_exchange_project:sound_exchange:14.4.2:*:*:*:*:*:*:* |
Information
Published : 2017-10-16 04:29
Updated : 2024-11-21 03:14
NVD link : CVE-2017-15371
Mitre link : CVE-2017-15371
CVE.ORG link : CVE-2017-15371
JSON object : View
Products Affected
sound_exchange_project
- sound_exchange
debian
- debian_linux
CWE
CWE-617
Reachable Assertion