VYPR

Sound Exchange

by Sound Exchange Project

CVEs (8)

  • CVE-2017-11359MedJul 31, 2017
    risk 0.39cvss 5.5epss 0.07

    The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conversion to a wav file.

  • CVE-2017-11358MedJul 31, 2017
    risk 0.39cvss 5.5epss 0.07

    The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file.

  • CVE-2017-11332MedJul 31, 2017
    risk 0.39cvss 5.5epss 0.07

    The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.

  • CVE-2017-15642MedOct 19, 2017
    risk 0.36cvss 5.5epss 0.01

    In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.

  • CVE-2017-15372MedOct 16, 2017
    risk 0.36cvss 5.5epss 0.02

    There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.

  • CVE-2017-15371MedOct 16, 2017
    risk 0.36cvss 5.5epss 0.02

    There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.

  • CVE-2017-15370MedOct 16, 2017
    risk 0.36cvss 5.5epss 0.02

    There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.

  • CVE-2014-8145Dec 31, 2014
    risk 0.01cvss epss 0.08

    Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function.