SB2018020142 - Fedora 26 update for sox

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018020142

SB2018020142 - Fedora 26 update for sox

Published: February 1, 2018 Updated: April 24, 2025

Security Bulletin ID SB2018020142
Severity
Low
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Local access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2017-15372)

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.


2) Use-after-free (CVE-ID: CVE-2017-15642)

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.


3) Buffer overflow (CVE-ID: CVE-2017-15370)

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.


4) Reachable Assertion (CVE-ID: CVE-2017-15371)

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.


Remediation

Install update from vendor's website.

References