Source: sox
Version: 14.4.1-5
Severity: important
Tags: upstream security

Hi,

the following vulnerabilities were published for sox.

CVE-2017-11332[0]:
| The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows
| remote attackers to cause a denial of service (divide-by-zero error and
| application crash) via a crafted wav file.

CVE-2017-11358[1]:
| The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2
| allows remote attackers to cause a denial of service (invalid memory
| read and application crash) via a crafted hcom file.

CVE-2017-11359[2]:
| The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows
| remote attackers to cause a denial of service (divide-by-zero error and
| application crash) via a crafted snd file, during conversion to a wav
| file.

All three affect 14.4.1-5 so common to jessie, stretch and sid, thus
filed only one bug for all three CVEs. Please clone and reassign if the
issues cannot be fixed all at the same time.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-11332
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11332
[1] https://security-tracker.debian.org/tracker/CVE-2017-11358
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11358
[2] https://security-tracker.debian.org/tracker/CVE-2017-11359
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11359
[3] http://seclists.org/fulldisclosure/2017/Jul/81

Regards,
Salvatore