CVE-2017-18189
HIGH
Sound eXchange < 14.4.2 - Denial of Service via Corrupt Header in startread Function
Title source: llmDescription
In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service.
References (6)
Core References
Various Sources x_refsource_misc
https://public-inbox.org/sox-devel/20171109114554.16297-1-mans%40mansr.com/raw
Exploit, Issue Tracking, Mailing List, Third Party Advisory x_refsource_misc
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881121
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/02/msg00042.html
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2283
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUKFZQSZG2ABMTAMOGBMY7MJNSGEIYTL/
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62RARFRXGKPNNFFNVDV7DHJSOKAIZ3CX/
Scores
CVSS v3: 7.5
EPSS: 0.0515
EPSS Percentile: 91.4%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE: CWE-476
Status: published
Products (2)
debian/debian_linux: 8.0
sound_exchange_project/sound_exchange: < 14.4.2
Published: Feb 15, 2018
Tracked Since: Feb 18, 2026