SoX 14.4.2 (wav.c) Division By Zero
Title: SoX 14.4.2 (wav.c) Division By Zero
Advisory ID: ZSL-2022-5712
Type: Local
Impact: DoS
Risk: (2/5)
Release Date: 18.09.2022
Summary
SoX (Sound eXchange) is the Swiss Army knife of sound processing tools: it can convert sound files between many different file formats and audio devices, and can apply many sound effects and transformations, as well as doing basic analysis and providing input to more capable analysis and plotting tools.
Description
SoX suffers from a division-by-zero flaw when handling WAV files, resulting in a denial of service and possibly loss of data.
Vendor
Chris Bagwell - http://sox.sourceforge.net
Affected Version
<=14.4.2
Tested On
Ubuntu 18.04.6 LTS
Microsoft Windows 10 Home
Vendor Status
N/A
PoC
sox_div0.txt
sox_div0.wav.zip
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] https://packetstormsecurity.com/files/168417
[2] https://exchange.xforce.ibmcloud.com/vulnerabilities/236674
[3] https://www.exploit-db.com/exploits/51034
Changelog
[18.09.2022] - Initial release
[22.09.2022] - Added reference [1] and [2]
[10.04.2023] - Added reference [3]
Contact
Zero Science Lab
Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk
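Mitigation sketch (an added example, not SoX code and not part of the original advisory): a pre-check that rejects WAV files whose "fmt " chunk carries zero in a field a decoder commonly uses as a divisor, for use before untrusted files reach an unpatched sox. The advisory does not say which field triggers the fault, so the fields checked here, the function name wav_fmt_check and its return codes are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: 44-byte header, PCM, mono, 8000 Hz, 16-bit, empty data chunk. */
static const unsigned char SAMPLE_WAV[44] = {
    'R','I','F','F', 36,0,0,0, 'W','A','V','E', 'f','m','t',' ', 16,0,0,0,
    1,0, 1,0, 0x40,0x1F,0,0, 0x80,0x3E,0,0, 2,0, 16,0, 'd','a','t','a', 0,0,0,0 };

static uint32_t le16(const unsigned char *p) { return p[0] | ((uint32_t)p[1] << 8); }
static uint32_t le32(const unsigned char *p) { return le16(p) | (le16(p + 2) << 16); }

/* Hypothetical pre-check. Returns 0 = usable, -1 = malformed or truncated,
 * -2 = no "fmt " chunk, -3 = a field a decoder may divide by is zero. */
int wav_fmt_check(const unsigned char *buf, size_t len) {
    if (len < 12 || memcmp(buf, "RIFF", 4) || memcmp(buf + 8, "WAVE", 4)) return -1;
    size_t off = 12;
    while (off <= len && len - off >= 8) {
        uint32_t sz = le32(buf + off + 4);
        if (sz > len - off - 8) return -1;        /* chunk claims more than we have */
        if (memcmp(buf + off, "fmt ", 4) == 0) {
            if (sz < 16) return -1;               /* too short for the base fields */
            const unsigned char *f = buf + off + 8;
            uint32_t tag = le16(f), channels = le16(f + 2), rate = le32(f + 4);
            uint32_t block_align = le16(f + 12), bits = le16(f + 14);
            if (!channels || !rate || !block_align) return -3;
            if (tag == 1 && !bits) return -3;     /* PCM must state a sample width */
            return 0;
        }
        off += 8 + (size_t)sz + (sz & 1);         /* chunks are padded to even size */
    }
    return -2;
}

int main(void) {
    unsigned char bad[44];
    memcpy(bad, SAMPLE_WAV, sizeof bad);
    bad[22] = bad[23] = 0;                        /* constructed: channel count 0 */
    printf("sample: %d, zero channels: %d\n",
           wav_fmt_check(SAMPLE_WAV, sizeof SAMPLE_WAV), wav_fmt_check(bad, sizeof bad));
    return 0;
}
```

The bits-per-sample test is applied only to format tag 1 (PCM), because compressed formats may legitimately store zero there.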