PT-2017-14134 · Sound Exchange+1 · Sox+1

Kirit Sankar Gupta

Published

2017-10-19

Updated

2024-06-15

CVE-2017-15642

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Sound eXchange (SoX) version 14.4.2

Description The issue is triggered by supplying a malformed AIFF file to the lsx aiffstartread function in the aiff.c file, resulting in a Use-After-Free vulnerability.

Recommendations For version 14.4.2, consider avoiding the use of malformed AIFF files until a patch is available. As a temporary workaround, restrict the processing of AIFF files to minimize the risk of exploitation.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2024-6289

ALT-PU-2024-6378

ALT-PU-2024-6855

ALT-PU-2024-6966

AZL-43615

AZL-45417

CVE-2017-15642

DLA-1197-1

DLA-1695-1

MGASA-2018-0211

OPENSUSE-SU-2018:0489-1

OPENSUSE-SU-2018:0493-1

OPENSUSE-SU-2024:11394-1

Affected Products

Alt Linux

Sox

PT-2017-14134 · Sound Exchange+1 · Sox+1

CVE-2017-15642

Weakness Enumeration

Related Identifiers

Affected Products

References · 37