SB2018100609 - Gentoo update for SoX

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018100609

SB2018100609 - Gentoo update for SoX

Published: October 6, 2018 Updated: March 22, 2023

Security Bulletin ID SB2018100609
Severity
Medium
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Local access
Highest impact Denial of service

Breakdown by Severity

Medium 29% Low 71%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Division by zero (CVE-ID: CVE-2017-11332)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to divide-by-zero error within The startread function in wav.c in Sound eXchange (SoX) 14.4.2. A remote attacker can perform a denial of service (divide-by-zero error and application crash) via a crafted wav file.


2) Out-of-bounds read (CVE-ID: CVE-2017-11358)

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file.


3) Division by zero (CVE-ID: CVE-2017-11359)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to divide-by-zero error within The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2. A remote attacker can perform a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conversion to a wav file.


4) Buffer overflow (CVE-ID: CVE-2017-15370)

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.


5) Reachable Assertion (CVE-ID: CVE-2017-15371)

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.


6) Buffer overflow (CVE-ID: CVE-2017-15372)

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.


7) Use-after-free (CVE-ID: CVE-2017-15642)

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.


Remediation

Install update from vendor's website.

References