High severity8.8NVD Advisory· Published Apr 14, 2022· Updated Jun 17, 2026
CVE-2021-40426
CVE-2021-40426
Description
A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7- osv-coords5 versionspkg:rpm/opensuse/sox&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/sox&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/sox&distro=openSUSE%20Tumbleweedpkg:rpm/suse/sox&distro=SUSE%20Package%20Hub%2015%20SP4pkg:rpm/suse/sox&distro=SUSE%20Package%20Hub%2015%20SP5
< 14.4.2-bp154.2.3.1+ 4 more
- (no CPE)range: < 14.4.2-bp154.2.3.1
- (no CPE)range: < 14.4.2-bp155.3.3.1
- (no CPE)range: < 14.4.2-8.1
- (no CPE)range: < 14.4.2-bp154.2.3.1
- (no CPE)range: < 14.4.2-bp155.3.3.1
- Sound Exchange/libsoxv5Range: 14.4.2
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.