suse · CVE-2017-15642

Quick triage

Priority: medium Published: 2021-05-30 14:03:29 UTC Updated: 2023-12-08 01:19:45 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2017-15642 severity moderate: SUSE including 8 source package names (libsox3-14.4.2-5.1, libsox3-14.4.2-5.17, …), 8 product×package rows across 3 product lines (SUSE Package Hub 12 SP3, openSUSE Leap 15.0, openSUSE Tumbleweed): Fixed 8.

Description:

In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.

cvelogic Threat Intelligence