CVE-2017-15642 — Use After Free in Exchange Project Sound Exchange

Severity

5.5MEDIUMNVD

EPSS

0.5%

top 33.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedOct 19

Latest updateMay 13

Description

In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Also affects: Debian Linux 7.0, 8.0

GHSA

GHSA-363g-vch7-x5j4: In lsx_aiffstartread in aiff↗2022-05-13

▶

OSV

CVE-2017-15642: In lsx_aiffstartread in aiff↗2017-10-19

▶

CVEList

CVE-2017-15642: In lsx_aiffstartread in aiff↗2017-10-19

▶

Red Hat

sox: Use-after-free in lsx_aiffstartread↗2017-10-17

▶

Debian

CVE-2017-15642: sox - In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-Af...↗2017

▶

Bugzilla

CVE-2017-15370 CVE-2017-15371 CVE-2017-15372 CVE-2017-15642 sox: various flaws [fedora-all]↗2017-11-08

▶

Bugzilla

CVE-2017-15642 sox: Use-after-free in lsx_aiffstartread↗2017-11-08

▶