[Secure-testing-team] Bug#882144: sox: CVE-2017-15642: Use-after-free in lsx_aiffstartread
Salvatore Bonaccorso
carnil at debian.org
Sun Nov 19 16:09:25 UTC 2017
Source: sox
Version: 14.4.1-5
Severity: important
Tags: security upstream
Forwarded: https://sourceforge.net/p/sox/bugs/298/
Hi,
the following vulnerability was published for sox.
CVE-2017-15642[0]:
| In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is
| a Use-After-Free vulnerability triggered by supplying a malformed AIFF
| file.
The issue can be verified via the poc in the upstream bug.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-15642
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15642
[1] https://sourceforge.net/p/sox/bugs/298/
Regards,
Salvatore
More information about the Secure-testing-team
mailing list