CVE-2017-11332

MEDIUM

Sound eXchange 14.4.2 - Denial of Service via Crafted WAV File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-11332. PoCs published by qflb.wu.

AI-analyzed exploit summary The exploit demonstrates two denial-of-service vulnerabilities in SoX 14.4.2: a divide-by-zero error in the `startread` function (wav.c) and an invalid memory read in the `read_samples` function (hcom.c). Both are triggered by crafted audio files, leading to application crashes.

Description

The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.

Exploits (1)

exploitdb WORKING POC

by qflb.wu · textdoslinux

https://www.exploit-db.com/exploits/42398

View Code ZIP pw:eip

The exploit demonstrates two denial-of-service vulnerabilities in SoX 14.4.2: a divide-by-zero error in the `startread` function (wav.c) and an invalid memory read in the `read_samples` function (hcom.c). Both are triggered by crafted audio files, leading to application crashes.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Sound eXchange (SoX) 14.4.2

No auth needed

Prerequisites: Crafted WAV or HCOM file

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/42398/

Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2017/11/msg00043.html

Exploit, Mailing List, Third Party Advisory x_refsource_misc

http://seclists.org/fulldisclosure/2017/Jul/81

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201810-02

Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2019/03/msg00007.html

Scores

CVSS v3 5.5

EPSS 0.0660

EPSS Percentile 93.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-369

Status published

Products (3)

debian/debian_linux 7.0

debian/debian_linux 8.0

sound_exchange_project/sound_exchange 14.4.2

Published Jul 31, 2017

Tracked Since Feb 18, 2026