Unrated severity · NVD Advisory · Published Apr 14, 2022 · Updated Apr 15, 2025
CVE-2021-40426
Description
A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Affected products
- osv-coords (5 versions):
  - pkg:rpm/opensuse/sox&distro=openSUSE%20Leap%2015.4
  - pkg:rpm/opensuse/sox&distro=openSUSE%20Leap%2015.5
  - pkg:rpm/opensuse/sox&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/sox&distro=SUSE%20Package%20Hub%2015%20SP4
  - pkg:rpm/suse/sox&distro=SUSE%20Package%20Hub%2015%20SP5
- (no CPE) range: < 14.4.2-bp154.2.3.1
- (no CPE) range: < 14.4.2-bp155.3.3.1
- (no CPE) range: < 14.4.2-8.1
- (no CPE) range: < 14.4.2-bp154.2.3.1
- (no CPE) range: < 14.4.2-bp155.3.3.1
- Sound Exchange/libsox (v5) range: 14.4.2
Patches
No patches discovered yet.
References
- www.debian.org/security/2023/dsa-5356 (mitre, vendor-advisory)
- www.openwall.com/lists/oss-security/2023/02/03/3 (mitre, mailing-list)
- lists.debian.org/debian-lts-announce/2023/02/msg00009.html (mitre, mailing-list)
- talosintelligence.com/vulnerability_reports/TALOS-2021-1434 (mitre)