CVE-2017-15371
Publication date 16 October 2017
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.
From the Ubuntu Security Team
It was discovered that SoX incorrectly handled certain media files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
Status
Package | Ubuntu Release | Status |
---|---|---|
sox | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Fixed 14.4.1-5ubuntu0.1
|
|
14.04 LTS trusty |
Fixed 14.4.1-3ubuntu1.1
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.5 · Medium |
Attack vector | Local |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |