rpm package
opensuse/sox&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/sox&distro=openSUSE%20Tumbleweed
Vulnerabilities (17)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-34318 | — | < 14.4.2-8.1 | 14.4.2-8.1 | Jul 10, 2023 | A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure. | ||
| CVE-2023-32627 | — | < 14.4.2-8.1 | 14.4.2-8.1 | Jul 10, 2023 | A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service. | ||
| CVE-2021-23159 | — | < 14.4.2-8.1 | 14.4.2-8.1 | Aug 25, 2022 | A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file, that could cause an application to crash. | ||
| CVE-2021-33844 | — | < 14.4.2-8.1 | 14.4.2-8.1 | Aug 25, 2022 | A floating point exception (divide-by-zero) issue was discovered in SoX in functon startread() of wav.c file. An attacker with a crafted wav file, could cause an application to crash. | ||
| CVE-2022-31651 | — | < 14.4.2-8.1 | 14.4.2-8.1 | May 25, 2022 | In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. | ||
| CVE-2022-31650 | — | < 14.4.2-8.1 | 14.4.2-8.1 | May 25, 2022 | In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. | ||
| CVE-2021-3643 | — | < 14.4.2-8.1 | 14.4.2-8.1 | May 2, 2022 | A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information. | ||
| CVE-2021-40426 | — | < 14.4.2-8.1 | 14.4.2-8.1 | Apr 14, 2022 | A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerabi | ||
| CVE-2019-13590 | — | < 14.4.2-8.1 | 14.4.2-8.1 | Jul 14, 2019 | An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior chec | ||
| CVE-2017-18189 | — | < 14.4.2-5.17 | 14.4.2-5.17 | Feb 15, 2018 | In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service. | ||
| CVE-2017-15642 | Med | 5.5 | < 14.4.2-5.17 | 14.4.2-5.17 | Oct 19, 2017 | In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file. | |
| CVE-2017-15372 | Med | 5.5 | < 14.4.2-5.17 | 14.4.2-5.17 | Oct 16, 2017 | There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file. | |
| CVE-2017-15371 | Med | 5.5 | < 14.4.2-5.17 | 14.4.2-5.17 | Oct 16, 2017 | There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file. | |
| CVE-2017-15370 | Med | 5.5 | < 14.4.2-5.17 | 14.4.2-5.17 | Oct 16, 2017 | There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file. | |
| CVE-2017-11359 | Med | 5.5 | < 14.4.2-5.17 | 14.4.2-5.17 | Jul 31, 2017 | The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conversion to a wav file. | |
| CVE-2017-11358 | Med | 5.5 | < 14.4.2-5.17 | 14.4.2-5.17 | Jul 31, 2017 | The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file. | |
| CVE-2017-11332 | Med | 5.5 | < 14.4.2-5.17 | 14.4.2-5.17 | Jul 31, 2017 | The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file. |
- CVE-2023-34318Jul 10, 2023affected < 14.4.2-8.1fixed 14.4.2-8.1
A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure.
- CVE-2023-32627Jul 10, 2023affected < 14.4.2-8.1fixed 14.4.2-8.1
A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service.
- CVE-2021-23159Aug 25, 2022affected < 14.4.2-8.1fixed 14.4.2-8.1
A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file, that could cause an application to crash.
- CVE-2021-33844Aug 25, 2022affected < 14.4.2-8.1fixed 14.4.2-8.1
A floating point exception (divide-by-zero) issue was discovered in SoX in functon startread() of wav.c file. An attacker with a crafted wav file, could cause an application to crash.
- CVE-2022-31651May 25, 2022affected < 14.4.2-8.1fixed 14.4.2-8.1
In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a.
- CVE-2022-31650May 25, 2022affected < 14.4.2-8.1fixed 14.4.2-8.1
In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a.
- CVE-2021-3643May 2, 2022affected < 14.4.2-8.1fixed 14.4.2-8.1
A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information.
- CVE-2021-40426Apr 14, 2022affected < 14.4.2-8.1fixed 14.4.2-8.1
A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerabi
- CVE-2019-13590Jul 14, 2019affected < 14.4.2-8.1fixed 14.4.2-8.1
An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior chec
- CVE-2017-18189Feb 15, 2018affected < 14.4.2-5.17fixed 14.4.2-5.17
In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service.
- affected < 14.4.2-5.17fixed 14.4.2-5.17
In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.
- affected < 14.4.2-5.17fixed 14.4.2-5.17
There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.
- affected < 14.4.2-5.17fixed 14.4.2-5.17
There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.
- affected < 14.4.2-5.17fixed 14.4.2-5.17
There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.
- affected < 14.4.2-5.17fixed 14.4.2-5.17
The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conversion to a wav file.
- affected < 14.4.2-5.17fixed 14.4.2-5.17
The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file.
- affected < 14.4.2-5.17fixed 14.4.2-5.17
The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.