Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Sound_exchange
(Sound_exchange_project)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 16 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-02-15 | CVE-2017-18189 | In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service. | Debian_linux, Sound_exchange | 7.5 | ||
| 2023-07-10 | CVE-2023-34432 | A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure. | Extra_packages_for_enterprise_linux, Fedora, Enterprise_linux, Sound_exchange | 7.8 | ||
| 2019-07-14 | CVE-2019-13590 | An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c. | Sound_exchange | 5.5 | ||
| 2017-07-31 | CVE-2017-11358 | The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file. | Debian_linux, Sound_exchange | 5.5 | ||
| 2017-10-16 | CVE-2017-15371 | There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file. | Debian_linux, Sound_exchange | 5.5 | ||
| 2017-10-16 | CVE-2017-15372 | There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file. | Debian_linux, Sound_exchange | 5.5 | ||
| 2017-10-19 | CVE-2017-15642 | In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file. | Debian_linux, Sound_exchange | 5.5 | ||
| 2017-10-16 | CVE-2017-15370 | There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file. | Debian_linux, Sound_exchange | 5.5 | ||
| 2019-07-15 | CVE-2019-1010004 | SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189. | Sound_exchange | 5.5 | ||
| 2019-02-15 | CVE-2019-8357 | An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference. | Sound_exchange | 5.5 |