Advisories » MGASA-2018-0105

Updated sox packages fix security vulnerability

Publication date: 02 Feb 2018
Type: security
Affected Mageia releases: 5, 6
CVE: CVE-2017-15370, CVE-2017-15371

Description

There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in
Sound eXchange (SoX) 14.4.2. A crafted input will lead to a denial of service
attack during conversion of an audio file (CVE-2017-15370).

There is a reachable assertion abort in the function sox_append_comment() in
formats.c in Sound eXchange (SoX) 14.4.2. A crafted input will lead to a denial
of service attack during conversion of an audio file (CVE-2017-15371).
                

References

SRPMS

5/core

6/core