Candidate: CVE-2017-11359
PublicDate: 2017-07-31 13:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11359
 http://seclists.org/fulldisclosure/2017/Jul/81
Description:
 The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows
 remote attackers to cause a denial of service (divide-by-zero error and
 application crash) via a crafted snd file, during conversion to a wav file.
Ubuntu-Description:
 It was discovered that SoX incorrectly handled certain media files.
 An attacker could possibly use this issue to cause a denial of service
 or other unspecified impact.
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870328
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]

Patches_sox:
upstream_sox: released (14.4.2-2)
precise/esm_sox: DNE
trusty_sox: released (14.4.1-3ubuntu1.1)
trusty/esm_sox: released (14.4.1-3ubuntu1.1)
vivid/ubuntu-core_sox: DNE
xenial_sox: released (14.4.1-5ubuntu0.1)
zesty_sox: ignored (reached end-of-life)
artful_sox: ignored (reached end-of-life)
bionic_sox: not-affected (14.4.2-3)
cosmic_sox: not-affected (14.4.2-3)
devel_sox: not-affected (14.4.2-3)