CVE-2017-11332

Опубликовано: 31 июл. 2017

Источник: debian

EPSS Низкий

Описание

The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
sox	fixed	14.4.2-2		package
sox	fixed	14.4.1-5+deb9u2	stretch	package

Примечания

http://seclists.org/fulldisclosure/2017/Jul/81
Upstream bug report https://sourceforge.net/p/sox/bugs/296/
https://github.com/mansr/sox/commit/7405bcaacb1ded8c595cb751d407cf738cb26571

EPSS

Процентиль: 87%

0.03395

Низкий

Связанные уязвимости

CVE-2017-11332

CVSS3: 5.5

ubuntu

больше 8 лет назад

The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.

CVE-2017-11332

CVSS3: 3.3

redhat

больше 8 лет назад

The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.

CVE-2017-11332

CVSS3: 5.5

nvd

больше 8 лет назад

The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.

GHSA-2454-3wfw-h893

CVSS3: 5.5

github

больше 3 лет назад

The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.

EPSS

Процентиль: 87%

0.03395

Низкий