In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers a NULL pointer dereference, which may allow an attacker to cause denial-of-service via a specially crafted file.
Created sox tracking bugs for this issue:
Affects: fedora-all [bug 1545867]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2019:2283 https://access.redhat.com/errata/RHSA-2019:2283
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):