| Max CVSS | 5.0 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2017-18189 | 5.0 |
In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service.
|
24-06-2021 - 15:16 | 15-02-2018 - 10:29 | |
| CVE-2017-15642 | 4.3 |
In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.
|
24-06-2021 - 15:16 | 19-10-2017 - 19:29 | |
| CVE-2017-15372 | 4.3 |
There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.
|
24-06-2021 - 15:16 | 16-10-2017 - 04:29 | |
| CVE-2017-15370 | 4.3 |
There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.
|
24-06-2021 - 15:16 | 16-10-2017 - 04:29 |