suse · CVE-2017-18189

Quick triage

Priority: medium Published: 2021-05-30 14:05:24 UTC Updated: 2024-06-13 01:16:43 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2017-18189 severity moderate: SUSE including 10 source package names (libsox3-14.4.2-5.1, libsox3-14.4.2-5.17, …), 12 product×package rows across 5 product lines (SUSE Liberty Linux 7, SUSE Liberty Linux 7 LTSS, … (5 product lines)): Fixed 12.

Description:

In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service.

cvelogic Threat Intelligence