---

CVE-2017-15642 - log back

CVE-2017-15642 created at 25 Sep 2019 19:31:40
Severity	+ Low
Remote	+ Local
Type	+ Arbitrary code execution
Description	+ In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.
References	+ https://github.com/mansr/sox/commit/0be259eaa9ce3f3fa587a3ef0cf2c0b9c73167a2 + https://lists.debian.org/debian-lts-announce/2017/11/msg00043.html + https://sourceforge.net/p/sox/bugs/298/
Notes