The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conversion to a wav file.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2017/Jul/81 | Exploit Mailing List Third Party Advisory |
https://www.exploit-db.com/exploits/42398/ | Exploit Third Party Advisory VDB Entry |
https://lists.debian.org/debian-lts-announce/2017/11/msg00043.html | Third Party Advisory |
https://security.gentoo.org/glsa/201810-02 | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2019/03/msg00007.html | Third Party Advisory |
Information
Published : 2017-07-31 06:29
Updated : 2019-03-07 17:38
NVD link : CVE-2017-11359
Mitre link : CVE-2017-11359
JSON object : View
CWE
CWE-369
Divide By Zero
Products Affected
debian
- debian_linux
sound_exchange_project
- sound_exchange