View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2017-18189 severity moderate: SUSE including 10 source package names (libsox3-14.4.2-5.1, libsox3-14.4.2-5.17, …), 12 product×package rows across 5 product lines (SUSE Liberty Linux 7, SUSE Liberty Linux 7 LTSS, … (5 product lines)): Fixed 12.
In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service.