Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-11359 — Divide By Zero in Exchange Project Sound Exchange

CWE-369 — Divide By Zero10 documents9 sources

Severity

5.5MEDIUMNVD

EPSS

5.2%

top 10.08%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Debian Linux Sound Exchange Project Sound Exchange

Timeline

PublishedJul 31

Latest updateMay 14

Description

The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conversion to a wav file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDsound_exchange_project/sound_exchange14.4.2

Also affects: Debian Linux 7.0, 8.0

🔴Vulnerability Details

GHSA

GHSA-qcrg-ppmg-4fm2: The wavwritehdr function in wav↗2022-05-14

▶

CVEList

CVE-2017-11359: The wavwritehdr function in wav↗2017-07-31

▶

OSV

CVE-2017-11359: The wavwritehdr function in wav↗2017-07-31

▶

💥Exploits & PoCs

Exploit-DB

Sound eXchange (SoX) 14.4.2 - Multiple Vulnerabilities↗2017-07-31

▶

📋Vendor Advisories

Red Hat

sox: Devide by zero in wavwritehdr function in wav.c↗2017-07-30

▶

Debian

CVE-2017-11359: sox - The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote a...↗2017

▶

🕵️Threat Intelligence

Wiz

CVE-2022-50798 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

💬Community

Bugzilla

CVE-2017-11359 sox: Devide by zero in wavwritehdr function in wav.c↗2017-08-11

▶

Bugzilla

CVE-2017-11332 CVE-2017-11358 CVE-2017-11359 sox: various flaws [fedora-all]↗2017-08-11

▶