CVE-2017-15642

Source
Severity Low
Remote No
Type Arbitrary code execution
Description
In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.
Group Package Affected Fixed Severity Status Ticket
AVG-610 sox 14.4.2-1 14.4.2-3 Low Fixed FS#57485
References
https://github.com/mansr/sox/commit/0be259eaa9ce3f3fa587a3ef0cf2c0b9c73167a2
https://lists.debian.org/debian-lts-announce/2017/11/msg00043.html
https://sourceforge.net/p/sox/bugs/298/