Source: sox
Version: 14.4.1-5
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for sox.

CVE-2017-15371[0]:
| There is a reachable assertion abort in the function
| sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A
| Crafted input will lead to a denial of service attack during conversion
| of an audio file.

$ ./src/sox ~/03-abort out.wav
sox: formats.c:223: sox_append_comment: Assertion `comment' failed.
Aborted

and attaching the poc in case the original reference disappears.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-15371
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15371

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
03-abort
Description: audio/flac