CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2023-34432 – Heap-buffer-overflow in src/formats_i.c
https://notcve.org/view.php?id=CVE-2023-34432
A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure. • https://access.redhat.com/security/cve/CVE-2023-34432 https://bugzilla.redhat.com/show_bug.cgi?id=2212291 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-1010004
https://notcve.org/view.php?id=CVE-2019-1010004
SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189. • https://sourceforge.net/p/sox/bugs/299 https://sourceforge.net/p/sox/code/ci/master/tree/src/xa.c#l219 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 1CVE-2017-18189 – sox: NULL pointer dereference in startread function in xa.c
https://notcve.org/view.php?id=CVE-2017-18189
In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service. En la función startread en xa.c en Sound eXchange (SoX) hasta la versión 14.4.2, una cabecera que especifica cero canales desencadena un bucle infinito con una desreferencia de puntero NULL resultante, lo que podría permitir que un atacante remoto provoque una denegación de servicio (DoS). A NULL pointer dereference flaw found in the way SoX handled processing of AIFF files. An attacker could potentially use this flaw to crash the SoX application by tricking it into processing crafted AIFF files. • https://access.redhat.com/errata/RHSA-2019:2283 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881121 https://lists.debian.org/debian-lts-announce/2019/02/msg00042.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62RARFRXGKPNNFFNVDV7DHJSOKAIZ3CX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUKFZQSZG2ABMTAMOGBMY7MJNSGEIYTL https://public-inbox.org/sox-devel/20171109114554.16297-1-mans%40mansr.com/raw https://access.red • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 1CVE-2014-8145
https://notcve.org/view.php?id=CVE-2014-8145
Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function. Múltiples desbordamientos de buffer basados en memoria dinámica en Sound eXchange (SoX) 14.4.1 y anteriores permite a atacantes remotos tener un impacto sin especificar a través de un archivo WAV modificado a la función (1) start_read o (2) AdpcmReadBlock. • http://advisories.mageia.org/MGASA-2014-0561.html http://packetstormsecurity.com/files/129699/SoX-14.4.1-Heap-Buffer-Overflow.html http://www.debian.org/security/2014/dsa-3112 http://www.mandriva.com/security/advisories?name=MDVSA-2015:015 http://www.ocert.org/advisories/ocert-2014-010.html http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html http://www.securityfocus.com/bid/71774 https://lists.debian.org/debian-lts-announce/2019/02/msg00034.html https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •