{"id":"MGASA-2018-0211","summary":"Updated sox packages fix security vulnerabilities","details":"This update for sox fixes the following security issues:\n\n* CVE-2017-11332: Fixed the startread function in wav.c, which allowed\nremote attackers to cause a DoS (divide-by-zero) via a crafted wav file.\n* CVE-2017-11358: Fixed the read_samples function in hcom.c, which\nallowed remote attackers to cause a DoS (invalid memory read) via a\ncrafted hcom file.\n* CVE-2017-11359: Fixed the wavwritehdr function in wav.c, which allowed\nremote attackers to cause a DoS (divide-by-zero) when converting a a\ncrafted snd file to a wav file.\n* CVE-2017-15372: Fixed a stack-based buffer overflow in the\nlsx_ms_adpcm_block_expand_i function of adpcm.c, which allowed remote\nattackers to cause a DoS during conversion of a crafted audio file.\n* CVE-2017-15642: Fixed an Use-After-Free vulnerability in\nlsx_aiffstartread in aiff.c, which could be triggered by an attacker by\nproviding a malformed AIFF file.\n* CVE-2017-18189: In the startread function in xa.c in Sound eXchange\n(SoX) through 14.4.2, a corrupt header specifying zero channels triggers\nan infinite loop with a resultant NULL pointer dereference, which may\nallow a remote attacker to cause a denial-of-service. \n","modified":"2026-02-01T09:02:03.864252Z","published":"2018-04-30T19:08:07Z","related":["CVE-2017-11332","CVE-2017-11358","CVE-2017-11359","CVE-2017-15372","CVE-2017-15642","CVE-2017-18189"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0211.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22615"}],"affected":[{"package":{"name":"sox","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/sox?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"14.4.1-6.3.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0211.json"}},{"package":{"name":"sox","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/sox?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"14.4.2-7.3.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0211.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}