SoX - Sound eXchange
by Sox Oss
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-15642 | Med | 0.36 | 5.5 | 0.01 | Oct 19, 2017 | In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file. | ||
| CVE-2021-23159 | 0.00 | — | 0.00 | Aug 25, 2022 | A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file, that could cause an application to crash. | |||
| CVE-2021-23210 | 0.00 | — | 0.00 | Aug 25, 2022 | A floating point exception (divide-by-zero) issue was discovered in SoX in functon read_samples() of voc.c file. An attacker with a crafted file, could cause an application to crash. | |||
| CVE-2021-33844 | 0.00 | — | 0.00 | Aug 25, 2022 | A floating point exception (divide-by-zero) issue was discovered in SoX in functon startread() of wav.c file. An attacker with a crafted wav file, could cause an application to crash. | |||
| CVE-2022-31651 | 0.00 | — | 0.00 | May 25, 2022 | In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. | |||
| CVE-2022-31650 | 0.00 | — | 0.00 | May 25, 2022 | In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. | |||
| CVE-2019-1010004 | 0.00 | — | 0.00 | Jul 15, 2019 | SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189. | |||
| CVE-2019-8357 | 0.00 | — | 0.01 | Feb 15, 2019 | An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference. | |||
| CVE-2019-8356 | 0.00 | — | 0.01 | Feb 15, 2019 | An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow. |
- risk 0.36cvss 5.5epss 0.01
In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.
- CVE-2021-23159Aug 25, 2022risk 0.00cvss —epss 0.00
A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file, that could cause an application to crash.
- CVE-2021-23210Aug 25, 2022risk 0.00cvss —epss 0.00
A floating point exception (divide-by-zero) issue was discovered in SoX in functon read_samples() of voc.c file. An attacker with a crafted file, could cause an application to crash.
- CVE-2021-33844Aug 25, 2022risk 0.00cvss —epss 0.00
A floating point exception (divide-by-zero) issue was discovered in SoX in functon startread() of wav.c file. An attacker with a crafted wav file, could cause an application to crash.
- CVE-2022-31651May 25, 2022risk 0.00cvss —epss 0.00
In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a.
- CVE-2022-31650May 25, 2022risk 0.00cvss —epss 0.00
In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a.
- CVE-2019-1010004Jul 15, 2019risk 0.00cvss —epss 0.00
SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189.
- CVE-2019-8357Feb 15, 2019risk 0.00cvss —epss 0.01
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference.
- CVE-2019-8356Feb 15, 2019risk 0.00cvss —epss 0.01
An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow.