SB2019072481 - Out-of-bounds read in sox (Alpine package)
Published: July 24, 2019 Updated: March 22, 2023
Security Bulletin ID
SB2019072481
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2017-11358)
The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=e8362414fbf5c34467fb8b80ac52f7b8ae2befb8
- https://git.alpinelinux.org/aports/commit/?id=f947389baf417b0e5efbad591fdc844a6683cbe4
- https://git.alpinelinux.org/aports/commit/?id=34ab9361455b89d88ae8f6dc85263d99a79a089c
- https://git.alpinelinux.org/aports/commit/?id=86d8165dabb2ef111678693da7e68ae4c6332bc4
- https://git.alpinelinux.org/aports/commit/?id=5402121572105dacecfadf254239c4aafed6dbae