Unrated severityNVD Advisory· Published Dec 31, 2014· Updated May 6, 2026

CVE-2014-8145

Description

Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function.

Affected products

Sound Exchange Project/Sound Exchange
cpe:2.3:a:sound_exchange_project:sound_exchange:*:*:*:*:*:*:*:*
Range: <=14.4.1
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Oracle Corporation/Solaris
cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/129699/SoX-14.4.1-Heap-Buffer-Overflow.htmlnvdExploitThird Party AdvisoryVDB Entry
advisories.mageia.org/MGASA-2014-0561.htmlnvdThird Party Advisory
www.debian.org/security/2014/dsa-3112nvdThird Party Advisory
www.ocert.org/advisories/ocert-2014-010.htmlnvdThird Party AdvisoryUS Government Resource
www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlnvdThird Party Advisory
www.securityfocus.com/bid/71774nvdThird Party AdvisoryVDB Entry
lists.debian.org/debian-lts-announce/2019/02/msg00034.htmlnvdThird Party Advisory
security.gentoo.org/glsa/201612-30nvdThird Party Advisory
www.mandriva.com/security/advisoriesnvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.010
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000