Bug 1081140 – VUL-1: CVE-2017-11332: sox: The startread function in wav.c in allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.

Bug 1081140 - (CVE-2017-11332) VUL-1: CVE-2017-11332: sox: The startread function in wav.c in allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.

(CVE-2017-11332)
Summary:	VUL-1: CVE-2017-11332: sox: The startread function in wav.c in allows remote ...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2018-02-15 10:17 UTC by Karol Babioch
Modified:	2018-03-19 15:43 UTC (History)
CC List:	0 users

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Karol Babioch 2018-02-15 10:17:51 UTC

The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11332

Comment 1 Swamp Workflow Management 2018-02-15 11:20:21 UTC

This is an autogenerated message for OBS integration:
This bug (1081140) was mentioned in
https://build.opensuse.org/request/show/576953 42.3 / sox

Comment 4 Swamp Workflow Management 2018-02-20 17:10:37 UTC

openSUSE-SU-2018:0489-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1063439,1063450,1063456,1064576,1081140,1081141,1081142,1081146
CVE References: CVE-2017-11332,CVE-2017-11358,CVE-2017-11359,CVE-2017-15370,CVE-2017-15371,CVE-2017-15372,CVE-2017-15642,CVE-2017-18189
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    sox-14.4.2-5.1

Comment 5 Swamp Workflow Management 2018-02-20 17:13:27 UTC

openSUSE-SU-2018:0493-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1063439,1063450,1063456,1064576,1081140,1081141,1081142,1081146
CVE References: CVE-2017-11332,CVE-2017-11358,CVE-2017-11359,CVE-2017-15370,CVE-2017-15371,CVE-2017-15372,CVE-2017-15642,CVE-2017-18189
Sources used:
openSUSE Leap 42.3 (src):    sox-14.4.2-5.3.1

Comment 6 Marcus Meissner 2018-02-21 06:24:00 UTC

released