sox is vulnerable to denial of service. An infinite loop caused by a corrupt header specifying zero channels In the startread function in xa.c
allows an attacker to crash the application.
CPE | Name | Operator | Version |
---|---|---|---|
sox:bullseye | eq | 14.4.2+git20190427-2 | |
sox:buster | eq | 14.4.2+git20190427-1 | |
sox:sid | eq | 14.4.2+git20190427-2 |
access.redhat.com/errata/RHSA-2019:2283
bugs.debian.org/cgi-bin/bugreport.cgi?bug=881121
lists.debian.org/debian-lts-announce/2019/02/msg00042.html
lists.fedoraproject.org/archives/list/[email protected]/message/62RARFRXGKPNNFFNVDV7DHJSOKAIZ3CX/
lists.fedoraproject.org/archives/list/[email protected]/message/EUKFZQSZG2ABMTAMOGBMY7MJNSGEIYTL/
public-inbox.org/sox-devel/[email protected]/raw
security-tracker.debian.org/tracker/CVE-2017-18189