View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2017-15642 severity moderate: SUSE including 8 source package names (libsox3-14.4.2-5.1, libsox3-14.4.2-5.17, …), 8 product×package rows across 3 product lines (SUSE Package Hub 12 SP3, openSUSE Leap 15.0, openSUSE Tumbleweed): Fixed 8.
In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.