VDB

MAGEIA-2018-105

MAGEIA-2018-105 PUBLISHED

There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file (CVE-2017-15370). There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file (CVE-2017-15371).

Affected Products

VendorProductVersions
Mageiasox14.4.1-6.1.mga5, 0, 0
Mageiapidgin2.13.0-1.mga6, 0
Mageiasox0, 14.4.2-7.1.mga6, 0

Timeline

  • Feb 2, 2018 CVE Updated
  • Feb 2, 2018 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›