PT-2017-4243 · Sox+2 · Sox+2

Qflb.Wu

Published

2017-07-30

Updated

2024-06-15

CVE-2017-11358

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions SoX version 14.4.2

Description The issue is related to the read samples function in the hcom.c component of the SoX sound processing program, which is vulnerable to a buffer data boundary read. This can be exploited by a remote attacker using a specially crafted hcom file, potentially leading to a denial of service (invalid memory read and application crash).

Recommendations For SoX version 14.4.2, consider disabling the read samples function in hcom.c as a temporary workaround to minimize the risk of exploitation until a patch is available. Restrict access to crafted hcom files to prevent remote attackers from causing a denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2024-6289

ALT-PU-2024-6378

ALT-PU-2024-6855

ALT-PU-2024-6966

BDU:2023-01648

CVE-2017-11358

DLA-1197-1

DLA-1705-1

DLA-3315-1

DLA-3315-2

MGASA-2018-0211

OPENSUSE-SU-2018:0489-1

OPENSUSE-SU-2018:0493-1

OPENSUSE-SU-2024:11394-1

Affected Products

Alt Linux

Astra Linux

Sox

PT-2017-4243 · Sox+2 · Sox+2

CVE-2017-11358

Weakness Enumeration

Related Identifiers

Affected Products

References · 49