SoX Division by Zero Vulnerability Leading to Denial-of-Service

Vulnerability

A division by zero vulnerability has been identified in SoX version 14.4.2, specifically within the WAV file handling component. This vulnerability can cause the program to crash by triggering a floating point exception, which occurs when a specially crafted WAV file induces arithmetic errors during audio processing. Such manipulation not only disrupts the application's functionality but may also result in data loss.

Impact

Exploitation of this vulnerability causes a program crash due to a floating point exception, which is an arithmetic error that occurs when a calculation attempts to divide a number by zero. This type of error can lead to a denial-of-service condition, where the application becomes unresponsive or unavailable, and may also cause loss of unsaved data.
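A service that runs SoX on untrusted audio can contain this crash by running the tool as a child process and classifying how it exits. The sketch below is an added example, not code from SoX or from this advisory; the `sox <file> -n` invocation, the helper names and the timeout are assumptions, and the demo child is constructed to simulate the floating point exception.

```python
import os
import signal
import subprocess
import sys
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Outcome:
    verdict: str                       # "ok", "failed", "crashed" or "timeout"
    signal_name: Optional[str] = None  # set when the child was killed by a signal
    exit_code: Optional[int] = None    # set when the child exited normally


def run_contained(argv: List[str], timeout: float = 30.0) -> Outcome:
    """Run argv as a child process and classify how it ended (POSIX)."""
    try:
        proc = subprocess.run(argv, stdin=subprocess.DEVNULL,
                              stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout)
    except subprocess.TimeoutExpired:
        return Outcome("timeout")      # subprocess.run has already killed the child
    rc = proc.returncode
    if rc < 0:
        # A negative return code is the number of the signal that killed the child;
        # a division by zero in native code is delivered as SIGFPE.
        try:
            name = signal.Signals(-rc).name
        except ValueError:
            name = f"SIG{-rc}"
        return Outcome("crashed", signal_name=name)
    return Outcome("ok" if rc == 0 else "failed", exit_code=rc)


def screen_wav(path: str, sox: str = "sox") -> Outcome:
    """Decode one file to the null output (-n) before accepting it (assumed invocation)."""
    # abspath keeps a file name that starts with "-" from being read as an option
    return run_contained([sox, os.path.abspath(path), "-n"])


if __name__ == "__main__":
    # Constructed stand-in for a crashing decoder: a child that raises SIGFPE on itself
    fake = [sys.executable, "-c",
            "import os, signal; signal.signal(signal.SIGFPE, signal.SIG_DFL); "
            "os.kill(os.getpid(), signal.SIGFPE)"]
    print(run_contained(fake))
```

A `crashed` verdict with `SIGFPE` is worth logging together with the input's hash, so the file can be quarantined and repeat submissions recognized.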

Reproduction

To reproduce this vulnerability, use SoX version 14.4.2 and provide a WAV file that has been crafted to exploit the division by zero flaw in the WAV file processing code. This can be done by using the SoX command-line tool to process the malicious WAV file, which will result in a floating point exception and a program crash.

Added: Dec 30, 2025, 11:35 PM
Updated: Dec 30, 2025, 11:35 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 2.5
exploitability: 6.0
remediation: 0.0
relevance: 1.8
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.