Updated sox packages fix security vulnerability
Publication date: 02 Feb 2018Modification date: 02 Feb 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-15370 , CVE-2017-15371
Description
There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file (CVE-2017-15370). There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file (CVE-2017-15371).
References
SRPMS
5/core
- sox-14.4.1-6.1.mga5
6/core
- sox-14.4.2-7.1.mga6