MGASA-2018-0105

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2018-0105.html

Import Source

https://advisories.mageia.org/MGASA-2018-0105.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2018-0105

Related

Published

2018-02-02T12:33:47Z

Modified

2018-02-02T12:04:31Z

Summary

Updated sox packages fix security vulnerability

Details

There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file (CVE-2017-15370).

There is a reachable assertion abort in the function soxappendcomment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file (CVE-2017-15371).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / sox

Package

Name: sox
Purl: pkg:rpm/mageia/sox?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

14.4.1-6.1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / sox

Package

Name: sox
Purl: pkg:rpm/mageia/sox?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

14.4.2-7.1.mga6

Ecosystem specific

{
    "section": "core"
}