Sox
by Sox Oss
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-11359 | | Med | 0.39 | 5.5 | 0.05 | | Jul 31, 2017 | The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conversion to a wav file. |
| CVE-2017-11332 | | Med | 0.39 | 5.5 | 0.03 | | Jul 31, 2017 | The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file. |
| CVE-2017-15642 | | Med | 0.36 | 5.5 | 0.01 | | Oct 19, 2017 | In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file. |
| CVE-2017-15372 | | Med | 0.36 | 5.5 | 0.00 | | Oct 16, 2017 | There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A crafted input will lead to a denial of service attack during conversion of an audio file. |
| CVE-2017-15370 | | Med | 0.36 | 5.5 | 0.00 | | Oct 16, 2017 | There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A crafted input will lead to a denial of service attack during conversion of an audio file. |
| CVE-2004-0557 | | | 0.07 | — | 0.49 | | Aug 6, 2004 | Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields. |
| CVE-2022-31651 | | | 0.00 | — | 0.00 | | May 25, 2022 | In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. |
| CVE-2022-31650 | | | 0.00 | — | 0.00 | | May 25, 2022 | In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. |
| CVE-2021-3643 | | | 0.00 | — | 0.00 | | May 2, 2022 | A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information. |
| CVE-2019-8354 | | | 0.00 | — | 0.01 | | Feb 15, 2019 | An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow. |