CVE-2017-18189
published 2018-02-15
high 7.5 CVSS 3.0
AV:N AC:L PR:N UI:N S:U C:N I:N A:H
In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | sox | < sox 14.4.2-2 (bookworm) | sox 14.4.2-2 (bookworm) |
| sound_exchange_project | sound_exchange | <= 14.4.2 | — |
| sourceforge | sox_sound_exchange | — | — |
| sourceforge | sox_sound_exchange | >= 0 < 14.4.2-2 | 14.4.2-2 |
| sourceforge | sox_sound_exchange | >= 0 < 14.4.2-2 | 14.4.2-2 |
| sourceforge | sox_sound_exchange | >= 0 < 14.4.2-2 | 14.4.2-2 |
CVSS provenance
nvd v3.0 7.5 HIGH CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv 7.5 HIGH