Bug 1063450 - (CVE-2017-15371) VUL-0: CVE-2017-15371: sox: reachable assertion abort in the function sox_append_comment() in formats.c
(CVE-2017-15371)
VUL-0: CVE-2017-15371: sox: reachable assertion abort in the function sox_app...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Pavol Rusnak
Security Team bot
https://smash.suse.de/issue/193376/
CVSSv3:SUSE:CVE-2017-15371:5.3:(AV:N/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-10-16 08:40 UTC by Alexander Bergmann
Modified: 2018-02-20 23:41 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
QA Reproducer (51.80 KB, application/octet-stream)
2017-10-16 08:41 UTC, Alexander Bergmann
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2017-10-16 08:40:14 UTC
rh#1500570

There is a reachable assertion abort in the function sox_append_comment() in
formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial
of service attack during conversion of an audio file.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1500570
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15371
Comment 1 Alexander Bergmann 2017-10-16 08:41:44 UTC
Created attachment 744485 [details]
QA Reproducer

#> valgrind sox 03-abort out.wav
...
==5438== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 2)
Segmentation fault
Comment 2 Swamp Workflow Management 2018-02-15 11:20:10 UTC
This is an autogenerated message for OBS integration:
This bug (1063450) was mentioned in
https://build.opensuse.org/request/show/576953 42.3 / sox
Comment 3 Karol Babioch 2018-02-15 15:51:08 UTC
SLE 10 is not affected, sicne flac support was only added in 13.0.0. Fixed in Leap 42.3 and Factory.
Comment 4 Swamp Workflow Management 2018-02-20 17:10:07 UTC
openSUSE-SU-2018:0489-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1063439,1063450,1063456,1064576,1081140,1081141,1081142,1081146
CVE References: CVE-2017-11332,CVE-2017-11358,CVE-2017-11359,CVE-2017-15370,CVE-2017-15371,CVE-2017-15372,CVE-2017-15642,CVE-2017-18189
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    sox-14.4.2-5.1
Comment 5 Swamp Workflow Management 2018-02-20 17:12:57 UTC
openSUSE-SU-2018:0493-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1063439,1063450,1063456,1064576,1081140,1081141,1081142,1081146
CVE References: CVE-2017-11332,CVE-2017-11358,CVE-2017-11359,CVE-2017-15370,CVE-2017-15371,CVE-2017-15372,CVE-2017-15642,CVE-2017-18189
Sources used:
openSUSE Leap 42.3 (src):    sox-14.4.2-5.3.1