CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 2CVE-2017-11358 – Sound eXchange (SoX) 14.4.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2017-11358
The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file. La función read_samples en el archivo hcom.c en Sound eXchange (SoX) versión 14.4.2, permite a los atacantes remotos causar una denegación de servicio (lectura de memoria inválida y bloqueo de aplicación) por medio de un archivo hcom creado. • https://www.exploit-db.com/exploits/42398 http://seclists.org/fulldisclosure/2017/Jul/81 http://www.openwall.com/lists/oss-security/2023/02/03/3 http://www.openwall.com/lists/oss-security/2023/02/04/2 http://www.openwall.com/lists/oss-security/2023/02/05/1 http://www.openwall.com/lists/oss-security/2023/02/06/1 https://lists.debian.org/debian-lts-announce/2017/11/msg00043.html https://lists.debian.org/debian-lts-announce/2019/03/msg00007.html https:/ • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 1CVE-2014-8145
https://notcve.org/view.php?id=CVE-2014-8145
Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function. Múltiples desbordamientos de buffer basados en memoria dinámica en Sound eXchange (SoX) 14.4.1 y anteriores permite a atacantes remotos tener un impacto sin especificar a través de un archivo WAV modificado a la función (1) start_read o (2) AdpcmReadBlock. • http://advisories.mageia.org/MGASA-2014-0561.html http://packetstormsecurity.com/files/129699/SoX-14.4.1-Heap-Buffer-Overflow.html http://www.debian.org/security/2014/dsa-3112 http://www.mandriva.com/security/advisories?name=MDVSA-2015:015 http://www.ocert.org/advisories/ocert-2014-010.html http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html http://www.securityfocus.com/bid/71774 https://lists.debian.org/debian-lts-announce/2019/02/msg00034.html https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •