
CVE-2023-34432 – Heap-buffer-overflow in src/formats_i.c
https://notcve.org/view.php?id=CVE-2023-34432
10 Jul 2023 — A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure. • https://access.redhat.com/security/cve/CVE-2023-34432 • CWE-122: Heap-based Buffer Overflow • CWE-787: Out-of-bounds Write

CVE-2019-1010004
https://notcve.org/view.php?id=CVE-2019-1010004
15 Jul 2019 — SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189. • https://sourceforge.net/p/sox/bugs/299 • CWE-125: Out-of-bounds Read

CVE-2017-18189 – sox: NULL pointer dereference in startread function in xa.c
https://notcve.org/view.php?id=CVE-2017-18189
15 Feb 2018 — In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service. • https://access.redhat.com/errata/RHSA-2019:2283 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-476: NULL Pointer Dereference

CVE-2014-8145 – Debian Security Advisory 3112-1
https://notcve.org/view.php?id=CVE-2014-8145
22 Dec 2014 — Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function. Michele Spagnuolo of the Google Security Team di... • http://advisories.mageia.org/MGASA-2014-0561.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer