CVE-2017-15370 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Exchange Project Sound Exchange

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
0.3%
top 42.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian LinuxSound Exchange Project Sound Exchange
Timeline
PublishedOct 16
Latest updateMay 13

Description

There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

Also affects: Debian Linux 7.0, 8.0

🔴Vulnerability Details

3
GHSA
GHSA-mhq7-f3rw-g8h6: There is a heap-based buffer overflow in the ImaExpandS function of ima_rw↗2022-05-13
â–¶
OSV
CVE-2017-15370: There is a heap-based buffer overflow in the ImaExpandS function of ima_rw↗2017-10-16
â–¶
CVEList
CVE-2017-15370: There is a heap-based buffer overflow in the ImaExpandS function of ima_rw↗2017-10-16
â–¶

📋Vendor Advisories

3
Red Hat
sox: Heap-based buffer overflow in the ImaExpandS function↗2017-10-11
â–¶
Microsoft
There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.↗2017-10-10
â–¶
Debian
CVE-2017-15370: sox - There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in ...↗2017
â–¶

💬Community

2
Bugzilla
CVE-2017-15370 CVE-2017-15371 CVE-2017-15372 CVE-2017-15642 sox: various flaws [fedora-all]↗2017-11-08
â–¶
Bugzilla
CVE-2017-15370 sox: Heap-based buffer overflow in the ImaExpandS function↗2017-11-08
â–¶
CVE-2017-15370 — MEDIUM severity | cvebase