rpm package
opensuse/sox&distro=openSUSE Leap 15.5
pkg:rpm/opensuse/sox&distro=openSUSE%20Leap%2015.5
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-34432 | — | < 14.4.2-bp155.3.3.1 | 14.4.2-bp155.3.3.1 | Jul 10, 2023 | A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure. | ||
| CVE-2023-34318 | — | < 14.4.2-bp155.3.3.1 | 14.4.2-bp155.3.3.1 | Jul 10, 2023 | A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure. | ||
| CVE-2023-32627 | — | < 14.4.2-bp155.3.3.1 | 14.4.2-bp155.3.3.1 | Jul 10, 2023 | A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service. | ||
| CVE-2021-23159 | — | < 14.4.2-bp155.3.3.1 | 14.4.2-bp155.3.3.1 | Aug 25, 2022 | A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file, that could cause an application to crash. | ||
| CVE-2021-33844 | — | < 14.4.2-bp155.3.3.1 | 14.4.2-bp155.3.3.1 | Aug 25, 2022 | A floating point exception (divide-by-zero) issue was discovered in SoX in functon startread() of wav.c file. An attacker with a crafted wav file, could cause an application to crash. | ||
| CVE-2022-31651 | — | < 14.4.2-bp155.3.3.1 | 14.4.2-bp155.3.3.1 | May 25, 2022 | In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. | ||
| CVE-2022-31650 | — | < 14.4.2-bp155.3.3.1 | 14.4.2-bp155.3.3.1 | May 25, 2022 | In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. | ||
| CVE-2021-3643 | — | < 14.4.2-bp155.3.3.1 | 14.4.2-bp155.3.3.1 | May 2, 2022 | A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information. | ||
| CVE-2021-40426 | — | < 14.4.2-bp155.3.3.1 | 14.4.2-bp155.3.3.1 | Apr 14, 2022 | A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerabi | ||
| CVE-2019-13590 | — | < 14.4.2-bp155.3.3.1 | 14.4.2-bp155.3.3.1 | Jul 14, 2019 | An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior chec |
- CVE-2023-34432Jul 10, 2023affected < 14.4.2-bp155.3.3.1fixed 14.4.2-bp155.3.3.1
A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.
- CVE-2023-34318Jul 10, 2023affected < 14.4.2-bp155.3.3.1fixed 14.4.2-bp155.3.3.1
A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure.
- CVE-2023-32627Jul 10, 2023affected < 14.4.2-bp155.3.3.1fixed 14.4.2-bp155.3.3.1
A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service.
- CVE-2021-23159Aug 25, 2022affected < 14.4.2-bp155.3.3.1fixed 14.4.2-bp155.3.3.1
A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file, that could cause an application to crash.
- CVE-2021-33844Aug 25, 2022affected < 14.4.2-bp155.3.3.1fixed 14.4.2-bp155.3.3.1
A floating point exception (divide-by-zero) issue was discovered in SoX in functon startread() of wav.c file. An attacker with a crafted wav file, could cause an application to crash.
- CVE-2022-31651May 25, 2022affected < 14.4.2-bp155.3.3.1fixed 14.4.2-bp155.3.3.1
In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a.
- CVE-2022-31650May 25, 2022affected < 14.4.2-bp155.3.3.1fixed 14.4.2-bp155.3.3.1
In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a.
- CVE-2021-3643May 2, 2022affected < 14.4.2-bp155.3.3.1fixed 14.4.2-bp155.3.3.1
A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information.
- CVE-2021-40426Apr 14, 2022affected < 14.4.2-bp155.3.3.1fixed 14.4.2-bp155.3.3.1
A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerabi
- CVE-2019-13590Jul 14, 2019affected < 14.4.2-bp155.3.3.1fixed 14.4.2-bp155.3.3.1
An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior chec