5.5 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
52.9%
In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.
lists.debian.org/debian-lts-announce/2017/11/msg00043.html
lists.debian.org/debian-lts-announce/2019/02/msg00042.html
security.gentoo.org/glsa/201810-02
sourceforge.net/p/sox/bugs/297/
sourceforge.net/p/sox/bugs/298/