Product:

Sound_exchange

(Sound_exchange_project)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 16
Date Id Summary Products Score Patch Annotated
2023-07-10 CVE-2023-34432 A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure. Extra_packages_for_enterprise_linux, Fedora, Enterprise_linux, Sound_exchange 7.8
2019-02-15 CVE-2019-8354 An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow. Ubuntu_linux, Debian_linux, Sound_exchange 5.0
2018-02-15 CVE-2017-18189 In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service. Debian_linux, Sound_exchange 7.5
2019-07-14 CVE-2019-13590 An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c. Sound_exchange 5.5
2017-07-31 CVE-2017-11358 The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file. Debian_linux, Sound_exchange 5.5
2017-10-16 CVE-2017-15371 There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file. Debian_linux, Sound_exchange 5.5
2017-10-16 CVE-2017-15372 There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file. Debian_linux, Sound_exchange 5.5
2017-10-19 CVE-2017-15642 In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file. Debian_linux, Sound_exchange 5.5
2017-10-16 CVE-2017-15370 There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file. Debian_linux, Sound_exchange 5.5
2019-07-15 CVE-2019-1010004 SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189. Sound_exchange 5.5