{"id":"MGASA-2018-0105","summary":"Updated sox packages fix security vulnerability","details":"There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in\nSound eXchange (SoX) 14.4.2. A crafted input will lead to a denial of service\nattack during conversion of an audio file (CVE-2017-15370).\n\nThere is a reachable assertion abort in the function sox_append_comment() in\nformats.c in Sound eXchange (SoX) 14.4.2. A crafted input will lead to a denial\nof service attack during conversion of an audio file (CVE-2017-15371).\n","modified":"2026-01-30T07:29:24.227784Z","published":"2018-02-02T12:33:47Z","related":["CVE-2017-15370","CVE-2017-15371"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0105.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22469"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LU6OQGTJOLIFAOPHQI6CPLGMN4KKMLIX/"}],"affected":[{"package":{"name":"sox","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/sox?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"14.4.1-6.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0105.json"}},{"package":{"name":"sox","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/sox?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"14.4.2-7.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0105.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}