SoX 14.4.2 (wav.c) Division By Zero

Title: SoX 14.4.2 (wav.c) Division By Zero
Advisory ID: ZSL-2022-5712
Type: Local
Impact: DoS
Risk: (2/5)
Release Date: 18.09.2022
Summary
SoX (Sound eXchange) is the Swiss Army knife of sound processing tools: it can convert sound files between many different file formats and audio devices, and can apply many sound effects and transformations, as well as doing basic analysis and providing input to more capable analysis and plotting tools.
Description
SoX suffers from a division by zero attack when handling WAV files, resulting in denial of service vulnerability and possibly loss of data.
Vendor
Chris Bagwell - http://sox.sourceforge.net
Affected Version
<=14.4.2
Tested On
Ubuntu 18.04.6 LTS
Microsoft Windows 10 Home
Vendor Status
N/A
PoC
sox_div0.txt
sox_div0.wav.zip
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] https://packetstormsecurity.com/files/168417
[2] https://exchange.xforce.ibmcloud.com/vulnerabilities/236674
[3] https://www.exploit-db.com/exploits/51034
Changelog
[18.09.2022] - Initial release
[22.09.2022] - Added reference [1] and [2]
[10.04.2023] - Added reference [3]
Contact
Zero Science Lab

Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk