CVE-2017-15642

In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
sound_exchange_projectsound_exchange
14.4.2
debiandebian_linux
7.0
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
sox
bullseye (security)
14.4.2+git20190427-2+deb11u2
fixed
bullseye
14.4.2+git20190427-2+deb11u2
fixed
bookworm
14.4.2+git20190427-3.5
fixed
sid
14.4.2+git20190427-5
fixed
trixie
14.4.2+git20190427-5
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
sox
cosmic
not-affected
bionic
not-affected
artful
ignored
zesty
ignored
xenial
Fixed 14.4.1-5ubuntu0.1
released
trusty
Fixed 14.4.1-3ubuntu1.1
released
Common Weakness Enumeration
References
https://lists.debian.org/debian-lts-announce/2017/11/msg00043.html
https://lists.debian.org/debian-lts-announce/2019/02/msg00042.html
https://security.gentoo.org/glsa/201810-02
https://sourceforge.net/p/sox/bugs/297/
https://sourceforge.net/p/sox/bugs/298/
https://lists.debian.org/debian-lts-announce/2017/11/msg00043.html
https://lists.debian.org/debian-lts-announce/2019/02/msg00042.html
https://security.gentoo.org/glsa/201810-02
https://sourceforge.net/p/sox/bugs/297/
https://sourceforge.net/p/sox/bugs/298/