CVE-2023-34318 – Heap-buffer-overflow in src/hcom.c
https://notcve.org/view.php?id=CVE-2023-34318
A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure. • https://access.redhat.com/security/cve/CVE-2023-34318 https://bugzilla.redhat.com/show_bug.cgi?id=2212283 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2023-32627 – Floating point exception in src/voc.c
https://notcve.org/view.php?id=CVE-2023-32627
A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service. • https://access.redhat.com/security/cve/CVE-2023-32627 https://bugzilla.redhat.com/show_bug.cgi?id=2212282 https://lists.debian.org/debian-lts-announce/2023/08/msg00015.html • CWE-697: Incorrect Comparison CWE-1077: Floating Point Comparison with Incorrect Operator •
CVE-2023-26590 – Floating point exception in src/aiff.c
https://notcve.org/view.php?id=CVE-2023-26590
A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service. • https://access.redhat.com/security/cve/CVE-2023-26590 https://bugzilla.redhat.com/show_bug.cgi?id=2212279 • CWE-697: Incorrect Comparison CWE-1077: Floating Point Comparison with Incorrect Operator •
CVE-2021-23172
https://notcve.org/view.php?id=CVE-2021-23172
A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. The vulnerability is exploitable with a crafted hcomn file, that could cause an application to crash. Se ha detectado una vulnerabilidad en SoX, donde es producido un desbordamiento del búfer de la pila en la función startread() del archivo hcom.c. La vulnerabilidad puede explotarse con un archivo hcomn diseñado, que podría causar el bloqueo de una aplicación. • https://access.redhat.com/security/cve/CVE-2021-23172 https://bugzilla.redhat.com/show_bug.cgi?id=1975666 https://security.archlinux.org/CVE-2021-23172 https://sourceforge.net/p/sox/bugs/350 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVE-2021-23159
https://notcve.org/view.php?id=CVE-2021-23159
A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file, that could cause an application to crash. Se ha encontrado una vulnerabilidad en SoX, donde es producido un desbordamiento del buffer de la pila en la función lsx_read_w_buf() en el archivo formats_i.c. La vulnerabilidad puede explotarse con un archivo diseñado, que podría causar el bloqueo de una aplicación. • https://access.redhat.com/security/cve/CVE-2021-23159 https://bugzilla.redhat.com/show_bug.cgi?id=1975671 https://security.archlinux.org/CVE-2021-23159 https://sourceforge.net/p/sox/bugs/352 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •