CVE-2017-18189
sox: NULL pointer dereference in startread function in xa.c
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service.
En la función startread en xa.c en Sound eXchange (SoX) hasta la versión 14.4.2, una cabecera que especifica cero canales desencadena un bucle infinito con una desreferencia de puntero NULL resultante, lo que podría permitir que un atacante remoto provoque una denegación de servicio (DoS).
A NULL pointer dereference flaw found in the way SoX handled processing of AIFF files. An attacker could potentially use this flaw to crash the SoX application by tricking it into processing crafted AIFF files.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-02-15 CVE Reserved
- 2018-02-15 CVE Published
- 2023-11-08 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-476: NULL Pointer Dereference
CAPEC
References (8)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2019/02/msg00042.html | Mailing List | |
https://public-inbox.org/sox-devel/20171109114554.16297-1-mans%40mansr.com/raw | X_refsource_misc |
URL | Date | SRC |
---|---|---|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881121 | 2024-08-05 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Sound Exchange Project Search vendor "Sound Exchange Project" | Sound Exchange Search vendor "Sound Exchange Project" for product "Sound Exchange" | <= 14.4.2 Search vendor "Sound Exchange Project" for product "Sound Exchange" and version " <= 14.4.2" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
|