
SoX 14.4.2 (wav.c) Division By Zero

SoX is affected by a division by zero when handling WAV files, resulting in denial of service and possibly loss of data.

Zero Science Lab

Title: SoX 14.4.2 (wav.c) Division By Zero
Advisory ID: ZSL-2022-5712
Type: Local
Impact: DoS
Risk: (2/5)
Release Date: 18.09.2022

Summary

SoX (Sound eXchange) is the Swiss Army knife of sound processing tools: it can convert sound files between many different file formats and audio devices, and can apply many sound effects and transformations, as well as doing basic analysis and providing input to more capable analysis and plotting tools.

Description

SoX is affected by a division by zero when handling WAV files, resulting in denial of service and possibly loss of data.
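A defensive pre-check for this bug class, added here as an example; it is not code from the advisory or from SoX. The advisory does not say which header field triggers the division, so the hypothetical `wav_fmt_check` below assumes the usual candidates in the WAV `fmt ` chunk (channel count, sample rate, block alignment, and bits per sample for PCM) and rejects a file when any of them is zero. The sample header is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample: RIFF/WAVE header with one 16-byte PCM fmt chunk. */
const uint8_t sample_wav[36] = {
    'R','I','F','F', 28,0,0,0, 'W','A','V','E',
    'f','m','t',' ', 16,0,0,0,
    1,0, 2,0, 0x44,0xAC,0,0, 0x10,0xB1,0x02,0, 4,0, 16,0 };

/* WAV (RIFF) fields are little-endian. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hypothetical helper (assumed field list, see lead-in).
 * Returns 0 if the fmt fields are non-zero, -1 if the buffer is not a
 * parseable RIFF/WAVE file, -2 if a likely divisor field is zero. */
int wav_fmt_check(const uint8_t *buf, size_t len)
{
    if (len < 12 || memcmp(buf, "RIFF", 4) || memcmp(buf + 8, "WAVE", 4))
        return -1;
    size_t off = 12;
    while (len - off >= 8) {                 /* chunk: id(4) size(4) data */
        uint32_t size = rd32(buf + off + 4);
        if (size > len - off - 8)
            return -1;                       /* chunk larger than the file */
        if (memcmp(buf + off, "fmt ", 4) == 0) {
            const uint8_t *f = buf + off + 8;
            if (size < 16)
                return -1;                   /* too short for the base fields */
            uint16_t tag = rd16(f), channels = rd16(f + 2);
            uint32_t rate = rd32(f + 4);
            uint16_t block_align = rd16(f + 12), bits = rd16(f + 14);
            /* Some compressed formats carry 0 bits per sample; enforce for PCM. */
            if (!channels || !rate || !block_align || (tag == 1 && !bits))
                return -2;
            return 0;
        }
        off += 8 + (size_t)size + (size & 1); /* chunks are word-aligned */
        if (off > len)
            return -1;
    }
    return -1;                               /* no fmt chunk found */
}

int main(void) { return wav_fmt_check(sample_wav, sizeof sample_wav) ? 1 : 0; }
```

A gate like this can run on untrusted uploads before they are handed to `sox`; a file that returns -2 is rejected rather than converted.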

Vendor

Chris Bagwell - http://sox.sourceforge.net

Affected Version

<=14.4.2

Tested On

Ubuntu 18.04.6 LTS
Microsoft Windows 10 Home

Vendor Status

N/A

PoC

sox_div0.txt
sox_div0.wav.zip

Credits

Vulnerability discovered by Gjoko Krstic

References

N/A

Changelog

[18.09.2022] - Initial release

Contact

Zero Science Lab

Web: https://www.zeroscience.mk
