cpe:/a:soundexchange:sound_exchange:14.4.2 cpe:/o:debian:debian_linux:7.0 cpe:/o:debian:debian_linux:8.0 CVE-2017-15372 2017-10-16T00:29:00.280-04:00 2019-03-01T12:54:59.630-05:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov 2019-03-01T11:56:05.580-05:00 GENTOO GLSA-201810-02 MLIST [debian-lts-announce] 20171130 [SECURITY] [DLA 1197-1] sox security update MLIST [debian-lts-announce] 20190228 [SECURITY] [DLA 1695-1] sox security update MISC https://bugzilla.redhat.com/show_bug.cgi?id=1500553 There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.