CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 1

A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.
• https://access.redhat.com/security/cve/CVE-2023-34432 https://bugzilla.redhat.com/show_bug.cgi?id=2212291
• CWE-122: Heap-based Buffer Overflow; CWE-787: Out-of-bounds Write

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189.
• https://sourceforge.net/p/sox/bugs/299 https://sourceforge.net/p/sox/code/ci/master/tree/src/xa.c#l219
• CWE-125: Out-of-bounds Read

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c.
• https://lists.debian.org/debian-lts-announce/2023/02/msg00009.html https://sourceforge.net/p/sox/bugs/325
• CWE-190: Integer Overflow or Wraparound; CWE-476: NULL Pointer Dereference

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference.
• https://lists.debian.org/debian-lts-announce/2019/05/msg00040.html https://sourceforge.net/p/sox/bugs/318 https://usn.ubuntu.com/4079-1 https://usn.ubuntu.com/4079-2
• CWE-476: NULL Pointer Dereference

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow.
• https://lists.debian.org/debian-lts-announce/2019/05/msg00040.html https://sourceforge.net/p/sox/bugs/319 https://usn.ubuntu.com/4079-1 https://usn.ubuntu.com/4079-2
• CWE-190: Integer Overflow or Wraparound; CWE-787: Out-of-bounds Write