Vulnerability Details CVE-2017-18189
In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 79.8%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://access.redhat.com/errata/RHSA-2019:2283
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881121
- https://lists.debian.org/debian-lts-announce/2019/02/msg00042.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62RARFRXGKPNNFFNVDV7DHJSOKAIZ3CX/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUKFZQSZG2ABMTAMOGBMY7MJNSGEIYTL/
- https://public-inbox.org/sox-devel/20171109114554.16297-1-mans%40mansr.com/raw
- https://access.redhat.com/errata/RHSA-2019:2283
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881121
- https://lists.debian.org/debian-lts-announce/2019/02/msg00042.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62RARFRXGKPNNFFNVDV7DHJSOKAIZ3CX/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUKFZQSZG2ABMTAMOGBMY7MJNSGEIYTL/
- https://public-inbox.org/sox-devel/20171109114554.16297-1-mans%40mansr.com/raw
Products affected by CVE-2017-18189
-
cpe:2.3:a:sound_exchange_project:sound_exchange:12.16
-
cpe:2.3:a:sound_exchange_project:sound_exchange:12.17
-
cpe:2.3:a:sound_exchange_project:sound_exchange:12.17.1
-
cpe:2.3:a:sound_exchange_project:sound_exchange:12.17.2
-
cpe:2.3:a:sound_exchange_project:sound_exchange:12.17.3
-
cpe:2.3:a:sound_exchange_project:sound_exchange:12.17.4
-
cpe:2.3:a:sound_exchange_project:sound_exchange:12.17.5
-
cpe:2.3:a:sound_exchange_project:sound_exchange:12.17.6
-
cpe:2.3:a:sound_exchange_project:sound_exchange:12.17.7
-
cpe:2.3:a:sound_exchange_project:sound_exchange:12.17.8
-
cpe:2.3:a:sound_exchange_project:sound_exchange:12.17.9
-
cpe:2.3:a:sound_exchange_project:sound_exchange:12.18.1
-
cpe:2.3:a:sound_exchange_project:sound_exchange:12.18.2
-
cpe:2.3:a:sound_exchange_project:sound_exchange:13.0.0
-
cpe:2.3:a:sound_exchange_project:sound_exchange:14.0.0
-
cpe:2.3:a:sound_exchange_project:sound_exchange:14.0.1
-
cpe:2.3:a:sound_exchange_project:sound_exchange:14.1.0
-
cpe:2.3:a:sound_exchange_project:sound_exchange:14.2.0
-
cpe:2.3:a:sound_exchange_project:sound_exchange:14.3.0
-
cpe:2.3:a:sound_exchange_project:sound_exchange:14.3.1
-
cpe:2.3:a:sound_exchange_project:sound_exchange:14.3.2
-
cpe:2.3:a:sound_exchange_project:sound_exchange:14.4.0
-
cpe:2.3:a:sound_exchange_project:sound_exchange:14.4.1
-
cpe:2.3:a:sound_exchange_project:sound_exchange:14.4.2
-
cpe:2.3:o:debian:debian_linux:8.0