VDB
MAGEIA-2018-105
MAGEIA-2018-105
PUBLISHED
There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file (CVE-2017-15370). There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file (CVE-2017-15371).
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mageia | sox | 14.4.1-6.1.mga5, 0, 0 |
| Mageia | pidgin | 2.13.0-1.mga6, 0 |
| Mageia | sox | 0, 14.4.2-7.1.mga6, 0 |
Timeline
- Feb 2, 2018 CVE Updated
- Feb 2, 2018 CVE Published
References
- Updated sox packages fix security vulnerability advisory
- Updated sox packages fix security vulnerability issue
- Updated sox packages fix security vulnerability issue
- Updated pidgin packages fix various bugs advisory
- Updated pidgin packages fix various bugs issue
- Updated pidgin packages fix various bugs issue