Joonun Jang <joonun.j...@gmail.com> wrote: > Package: sox > Version: 14.4.1-5+b2 > Severity: normal > Tags: security > > null pointer dereference while running sox with "poc.aiff output.aiff speed > 1.027" option > > Running 'sox poc.aiff output.aiff speed 1.027' with the attached file raises > null pointer dereference > which may allow a remote attack to cause a denial-of-service attack > I expected the program to terminate without segfault, but the program crashes > as follow
Thanks for the report, Mans fixed this the other day on the sox-devel list: https://public-inbox.org/sox-devel/20171109114554.16297-1-m...@mansr.com/raw Also pushed as commit c9a48c055398f171128573bbeab4e4de4c761058 in my unofficial "pu" (potential updates) branch @ https://bogomips.org/sox.git
