Candidate: CVE-2017-18189
PublicDate: 2018-02-15 10:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18189
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881121
 https://public-inbox.org/sox-devel/20171109114554.16297-1-mans@mansr.com/raw
Description:
 In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a
 corrupt header specifying zero channels triggers an infinite loop with a
 resultant NULL pointer dereference, which may allow a remote attacker to
 cause a denial-of-service.
Ubuntu-Description:
 It was discovered that SoX incorrectly handled certain media files.
 An attacker could possibly use this issue to cause a denial of service
 or other unspecified impact.
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_sox:
upstream_sox: released (14.4.2-2)
precise/esm_sox: DNE
trusty_sox: released (14.4.1-3ubuntu1.1)
trusty/esm_sox: released (14.4.1-3ubuntu1.1)
xenial_sox: released (14.4.1-5ubuntu0.1)
artful_sox: ignored (reached end-of-life)
bionic_sox: not-affected (14.4.2-3)
cosmic_sox: not-affected (14.4.2-3)
devel_sox: not-affected (14.4.2-3)