Bug 1081142 (CVE-2017-11359)

Summary: VUL-1: CVE-2017-11359: sox: The wavwritehdr function in wav.c allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conversion to a wav file.
Product: [Novell Products] SUSE Security Incidents Reporter: Karol Babioch <karol>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P4 - Low    
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard: CVSSv3:NVD:CVE-2017-11359:5.5:(AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) CVSSv2:NVD:CVE-2017-11359:4.3:(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSSv3:RedHat:CVE-2017-11359:3.3:(AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) maint:planned:update
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Karol Babioch 2018-02-15 10:23:08 UTC 
The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conversion to a wav file. 

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11359
Comment 1 Swamp Workflow Management 2018-02-15 11:20:27 UTC 
This is an autogenerated message for OBS integration:
This bug (1081142) was mentioned in
https://build.opensuse.org/request/show/576953 42.3 / sox
Comment 4 Swamp Workflow Management 2018-02-20 17:10:54 UTC 
openSUSE-SU-2018:0489-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1063439,1063450,1063456,1064576,1081140,1081141,1081142,1081146
CVE References: CVE-2017-11332,CVE-2017-11358,CVE-2017-11359,CVE-2017-15370,CVE-2017-15371,CVE-2017-15372,CVE-2017-15642,CVE-2017-18189
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    sox-14.4.2-5.1
Comment 5 Swamp Workflow Management 2018-02-20 17:13:44 UTC 
openSUSE-SU-2018:0493-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1063439,1063450,1063456,1064576,1081140,1081141,1081142,1081146
CVE References: CVE-2017-11332,CVE-2017-11358,CVE-2017-11359,CVE-2017-15370,CVE-2017-15371,CVE-2017-15372,CVE-2017-15642,CVE-2017-18189
Sources used:
openSUSE Leap 42.3 (src):    sox-14.4.2-5.3.1
Comment 6 Marcus Meissner 2018-02-21 06:24:19 UTC 
released