Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-11332 — Divide By Zero in Exchange Project Sound Exchange

CWE-369 — Divide By Zero9 documents8 sources

Severity

5.5MEDIUMNVD

EPSS

2.6%

top 14.38%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Debian Linux Sound Exchange Project Sound Exchange

Timeline

PublishedJul 31

Latest updateMay 14

Description

The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDsound_exchange_project/sound_exchange14.4.2

Also affects: Debian Linux 7.0, 8.0

🔴Vulnerability Details

GHSA

GHSA-2454-3wfw-h893: The startread function in wav↗2022-05-14

▶

OSV

CVE-2017-11332: The startread function in wav↗2017-07-31

▶

CVEList

CVE-2017-11332: The startread function in wav↗2017-07-31

▶

💥Exploits & PoCs

Exploit-DB

Sound eXchange (SoX) 14.4.2 - Multiple Vulnerabilities↗2017-07-31

▶

📋Vendor Advisories

Red Hat

sox: Divide by zero in startread function in wav.c↗2017-07-30

▶

Debian

CVE-2017-11332: sox - The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote att...↗2017

▶

💬Community

Bugzilla

CVE-2017-11332 sox: Divide by zero in startread function in wav.c↗2017-08-11

▶

Bugzilla

CVE-2017-11332 CVE-2017-11358 CVE-2017-11359 sox: various flaws [fedora-all]↗2017-08-11

▶