CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8357
https://notcve.org/view.php?id=CVE-2019-8357
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference. Se ha descubierto un problema en SoX 14.4.2. lsx_make_lpf en effect_i_dsp.c permite una desreferencia de puntero NULL. • https://lists.debian.org/debian-lts-announce/2019/05/msg00040.html https://sourceforge.net/p/sox/bugs/318 https://usn.ubuntu.com/4079-1 https://usn.ubuntu.com/4079-2 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8355
https://notcve.org/view.php?id=CVE-2019-8355
An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c. Se ha descubierto un problema en SoX 14.4.2. En xmalloc.h, hay un desbordamiento de enteros en el resultado de la multiplicación que se proporciona a la macro lsx_valloc que envuelve a malloc. • https://lists.debian.org/debian-lts-announce/2019/05/msg00040.html https://sourceforge.net/p/sox/bugs/320 https://usn.ubuntu.com/4079-1 https://usn.ubuntu.com/4079-2 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-14948
https://notcve.org/view.php?id=CVE-2018-14948
An issue has been found in dilawar sound through 2017-11-27. The end of openWavFile in wav-file.cc has Mismatched Memory Management Routines (operator new [] versus operator delete). Se ha encontrado un problema en dilawar sound hasta el 27/11/2017. El final de openWavFile en wav-file.cc tiene rutinas de gestión de memoria no coincidentes (operator new [] en contraposición a operator delete). • https://github.com/dilawar/sound/issues/4 https://github.com/fouzhe/security/tree/master/sound#alloc-dealloc-mismatch-in-function-openwavfile • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 1CVE-2017-18189 – sox: NULL pointer dereference in startread function in xa.c
https://notcve.org/view.php?id=CVE-2017-18189
In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service. En la función startread en xa.c en Sound eXchange (SoX) hasta la versión 14.4.2, una cabecera que especifica cero canales desencadena un bucle infinito con una desreferencia de puntero NULL resultante, lo que podría permitir que un atacante remoto provoque una denegación de servicio (DoS). A NULL pointer dereference flaw found in the way SoX handled processing of AIFF files. An attacker could potentially use this flaw to crash the SoX application by tricking it into processing crafted AIFF files. • https://access.redhat.com/errata/RHSA-2019:2283 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881121 https://lists.debian.org/debian-lts-announce/2019/02/msg00042.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62RARFRXGKPNNFFNVDV7DHJSOKAIZ3CX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUKFZQSZG2ABMTAMOGBMY7MJNSGEIYTL https://public-inbox.org/sox-devel/20171109114554.16297-1-mans%40mansr.com/raw https://access.red • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-15642
https://notcve.org/view.php?id=CVE-2017-15642
In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file. En lsx_aiffstartread en aiff.c en Sound eXchange (SoX), versión 14.4.2, hay una vulnerabilidad de uso de memoria previamente liberada, desencadenada mediante un archivo AIFF mal formado. • https://lists.debian.org/debian-lts-announce/2017/11/msg00043.html https://lists.debian.org/debian-lts-announce/2019/02/msg00042.html https://security.gentoo.org/glsa/201810-02 https://sourceforge.net/p/sox/bugs/297 https://sourceforge.net/p/sox/bugs/298 • CWE-416: Use After Free •