Source: sox Version: 14.4.1-5 Severity: important Tags: security upstream Forwarded: https://sourceforge.net/p/sox/bugs/298/
Hi, the following vulnerability was published for sox. CVE-2017-15642[0]: | In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is | a Use-After-Free vulnerability triggered by supplying a malformed AIFF | file. The issue can be verified via the poc in the upstream bug. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-15642 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15642 [1] https://sourceforge.net/p/sox/bugs/298/ Regards, Salvatore _______________________________________________ Secure-testing-team mailing list Secure-testing-team@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
