CVE-2017-15371 β€” Reachable Assertion in Exchange Project Sound Exchange

CWE-617 β€” Reachable Assertion10 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
0.3%
top 50.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian LinuxSound Exchange Project Sound Exchange
Timeline
PublishedOct 16
Latest updateMay 13

Description

There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

Also affects: Debian Linux 7.0, 8.0

πŸ”΄Vulnerability Details

3
GHSA
GHSA-mh8q-537v-96gj: There is a reachable assertion abort in the function sox_append_comment() in formats↗2022-05-13
β–Ά
OSV
CVE-2017-15371: There is a reachable assertion abort in the function sox_append_comment() in formats↗2017-10-16
β–Ά
CVEList
CVE-2017-15371: There is a reachable assertion abort in the function sox_append_comment() in formats↗2017-10-16
β–Ά

πŸ“‹Vendor Advisories

3
Red Hat
sox: Reachable assertion abort in the function sox_append_comment()β†—2017-10-11
β–Ά
Microsoft
There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an a↗2017-10-10
β–Ά
Debian
CVE-2017-15371: sox - There is a reachable assertion abort in the function sox_append_comment() in for...β†—2017
β–Ά

πŸ’¬Community

3
Bugzilla
CVE-2017-15371 sox: Reachable assertion abort in the function sox_append_comment()β†—2017-11-08
β–Ά
Bugzilla
CVE-2017-15370 CVE-2017-15371 CVE-2017-15372 CVE-2017-15642 sox: various flaws [fedora-all]β†—2017-11-08
β–Ά
Bugzilla
It is a reachable assertion abort in function sox_append_comment(in formats.c:227) that will lead to denial of service attack↗2017-10-11
β–Ά
CVE-2017-15371 β€” Reachable Assertion | cvebase