
CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

10 Jul 2023 — A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure. • https://access.redhat.com/security/cve/CVE-2023-34318 • CWE-122: Heap-based Buffer Overflow; CWE-787: Out-of-bounds Write

CVSS: 6.2 • EPSS: 0% • CPEs: 5 • EXPL: 0

10 Jul 2023 — A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service. It was discovered that SoX incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, an attacker could possibly use this issue to cause a denial of service. • https://access.redhat.com/security/cve/CVE-2023-32627 • CWE-697: Incorrect Comparison; CWE-1077: Floating Point Comparison with Incorrect Operator

CVSS: 6.2 • EPSS: 0% • CPEs: 5 • EXPL: 0

10 Jul 2023 — A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service. • https://access.redhat.com/security/cve/CVE-2023-26590 • CWE-697: Incorrect Comparison; CWE-1077: Floating Point Comparison with Incorrect Operator

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

25 Aug 2022 — A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. The vulnerability is exploitable with a crafted hcomn file that could cause an application to crash. Multiple security issues were discovere... • https://access.redhat.com/security/cve/CVE-2021-23172 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'); CWE-787: Out-of-bounds Write

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

25 Aug 2022 — A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file that could cause an application to crash. Multiple security issues we... • https://access.redhat.com/security/cve/CVE-2021-23159 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'); CWE-787: Out-of-bounds Write

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

25 Aug 2022 — A floating point exception (divide-by-zero) issue was discovered in SoX in function read_samples() of voc.c file. An attacker with a crafted file could cause an application to crash. Multiple security issues were discovered in Sox, the Swiss Army knife of sound processing programs, which could re... • https://access.redhat.com/security/cve/CVE-2021-23210 • CWE-369: Divide By Zero

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

25 Aug 2022 — A floating point exception (divide-by-zero) issue was discovered in SoX in function startread() of wav.c file. An attacker with a crafted wav file could cause an application to crash. Helmut Grohne discovered that SoX incorrectly handled certain inputs. • https://access.redhat.com/security/cve/CVE-2021-33844 • CWE-369: Divide By Zero

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

25 May 2022 — In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. Multiple security issues were discovered in Sox, the Swiss Army knife of sound processing programs, which could result in denial of service or potentially the execution of arbitrary code if a malformed audio file is processed. • http://www.openwall.com/lists/oss-security/2023/02/03/3 • CWE-697: Incorrect Comparison

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

25 May 2022 — In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. Helmut Grohne discovered that SoX incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 L... • http://www.openwall.com/lists/oss-security/2023/02/03/3 • CWE-617: Reachable Assertion

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 May 2022 — A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information. • https://bugzilla.redhat.com/show_bug.cgi?id=1980626 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'); CWE-125: Out-of-bounds Read