Sox Oss
Products
2- 9 CVEs
- 9 CVEs
Recent CVEs
16| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-3643 | Cri | 0.59 | 9.1 | 0.01 | May 2, 2022 | A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information. | ||
| CVE-2023-26590 | Med | 0.40 | 6.2 | 0.00 | Jul 10, 2023 | A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service. | ||
| CVE-2021-33844 | Med | 0.36 | 5.5 | 0.00 | Aug 25, 2022 | A floating point exception (divide-by-zero) issue was discovered in SoX in functon startread() of wav.c file. An attacker with a crafted wav file, could cause an application to crash. | ||
| CVE-2021-23210 | Med | 0.36 | 5.5 | 0.00 | Aug 25, 2022 | A floating point exception (divide-by-zero) issue was discovered in SoX in functon read_samples() of voc.c file. An attacker with a crafted file, could cause an application to crash. | ||
| CVE-2021-23172 | Med | 0.36 | 5.5 | 0.00 | Aug 25, 2022 | A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. The vulnerability is exploitable with a crafted hcomn file, that could cause an application to crash. | ||
| CVE-2021-23159 | Med | 0.36 | 5.5 | 0.00 | Aug 25, 2022 | A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file, that could cause an application to crash. | ||
| CVE-2022-31651 | Med | 0.36 | 5.5 | 0.01 | May 25, 2022 | In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. | ||
| CVE-2022-31650 | Med | 0.36 | 5.5 | 0.01 | May 25, 2022 | In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. | ||
| CVE-2019-1010004 | Med | 0.36 | 5.5 | 0.01 | Jul 15, 2019 | SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189. | ||
| CVE-2019-13590 | Med | 0.36 | 5.5 | 0.01 | Jul 14, 2019 | An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior… | ||
| CVE-2019-8357 | Med | 0.36 | 5.5 | 0.02 | Feb 15, 2019 | An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference. | ||
| CVE-2019-8356 | Med | 0.36 | 5.5 | 0.02 | Feb 15, 2019 | An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow. | ||
| CVE-2019-8355 | Med | 0.36 | 5.5 | 0.02 | Feb 15, 2019 | An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start… | ||
| CVE-2017-15642 | Med | 0.36 | 5.5 | 0.01 | Oct 19, 2017 | In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file. | ||
| CVE-2004-0557 | 0.05 | — | 0.25 | Aug 6, 2004 | Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields. | |||
| CVE-2014-8145 | 0.01 | — | 0.08 | Dec 31, 2014 | Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function. |
- risk 0.59cvss 9.1epss 0.01
A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information.
- risk 0.40cvss 6.2epss 0.00
A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service.
- risk 0.36cvss 5.5epss 0.00
A floating point exception (divide-by-zero) issue was discovered in SoX in functon startread() of wav.c file. An attacker with a crafted wav file, could cause an application to crash.
- risk 0.36cvss 5.5epss 0.00
A floating point exception (divide-by-zero) issue was discovered in SoX in functon read_samples() of voc.c file. An attacker with a crafted file, could cause an application to crash.
- risk 0.36cvss 5.5epss 0.00
A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. The vulnerability is exploitable with a crafted hcomn file, that could cause an application to crash.
- risk 0.36cvss 5.5epss 0.00
A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file, that could cause an application to crash.
- risk 0.36cvss 5.5epss 0.01
In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a.
- risk 0.36cvss 5.5epss 0.01
In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a.
- risk 0.36cvss 5.5epss 0.01
SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189.
- risk 0.36cvss 5.5epss 0.01
An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior…
- risk 0.36cvss 5.5epss 0.02
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference.
- risk 0.36cvss 5.5epss 0.02
An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow.
- risk 0.36cvss 5.5epss 0.02
An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start…
- risk 0.36cvss 5.5epss 0.01
In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.
- CVE-2004-0557Aug 6, 2004risk 0.05cvss —epss 0.25
Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.
- CVE-2014-8145Dec 31, 2014risk 0.01cvss —epss 0.08
Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function.