Errata ID: 582
Date: 2019-09-11
Source package: sox
Fixed in version: 14.4.1-5+deb9u2
Description
This update addresses the following issues:
* Divide by zero in startread function in wav.c (CVE-2017-11332)
* Invalid memory read in read_samples function in hcom.c (CVE-2017-11358)
* Divide by zero in wavwritehdr function in wav.c (CVE-2017-11359)
* There is a heap-based buffer overflow in the ImaExpandS function of
  ima_rw.c. A crafted input will lead to a denial of service attack during
  conversion of an audio file. (CVE-2017-15370)
* Reachable assertion abort in the function sox_append_comment()
  (CVE-2017-15371)
* There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i
  function of adpcm.c. A crafted input will lead to a denial of service
  attack during conversion of an audio file. (CVE-2017-15372)
* In lsx_aiffstartread in aiff.c, there is a Use-After-Free vulnerability
  triggered by supplying a malformed AIFF file. (CVE-2017-15642)
* In the startread function in xa.c a corrupt header specifying zero channels
  triggers an infinite loop with a resultant NULL pointer dereference, which
  may allow a remote attacker to cause a denial-of-service. (CVE-2017-18189)
* Integer overflow in function lsx_make_lpf in effect_i_dsp.c (CVE-2019-8354)
* Integer overflow in xmalloc.h (CVE-2019-8355)
* Stack-based buffer overflow in bitrv2 in fft4g.c (CVE-2019-8356)
* NULL pointer dereference in function lsx_make_lpf in effect_i_dsp.c
  (CVE-2019-8357)
* Out-of-bounds read in function read_samples at xa.c:219 results in a denial
  of service when the victim opens a specially crafted .xa file.
  (CVE-2019-1010004)
Additional notes
CVE ID: CVE-2017-11332, CVE-2017-11358, CVE-2017-11359, CVE-2017-15370,
CVE-2017-15371, CVE-2017-15372, CVE-2017-15642, CVE-2017-18189, CVE-2019-8354,
CVE-2019-8355, CVE-2019-8356, CVE-2019-8357, CVE-2019-1010004
UCS Bug number: #50162