CVE-2017-15371

Exploit

EPSS 0.32%
Published 16.10.2017 04:29:00
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Sound Exchange Project ≫ Sound Exchange Version14.4.2

Debian ≫ Debian Linux Version7.0

Debian ≫ Debian Linux Version8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.32%	0.545

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://lists.debian.org/debian-lts-announce/2017/11/msg00043.html

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2019/03/msg00007.html

Third Party Advisory

https://security.gentoo.org/glsa/201810-02

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1500570

Third Party Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2017-15371

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-15371

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-15371

EUVD