CVE-2017-15642 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	No
Type	Arbitrary code execution
Description	In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-610	sox	14.4.2-1	14.4.2-3	Low	Fixed	FS#57485

References
https://github.com/mansr/sox/commit/0be259eaa9ce3f3fa587a3ef0cf2c0b9c73167a2 https://lists.debian.org/debian-lts-announce/2017/11/msg00043.html https://sourceforge.net/p/sox/bugs/298/