CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-23172 – Debian Security Advisory 5356-1
https://notcve.org/view.php?id=CVE-2021-23172
25 Aug 2022 — A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. The vulnerability is exploitable with a crafted hcomn file, that could cause an application to crash. Se ha detectado una vulnerabilidad en SoX, donde es producido un desbordamiento del búfer de la pila en la función startread() del archivo hcom.c. La vulnerabilidad puede explotarse con un archivo hcomn diseñado, que podría causar el bloqueo de una aplicación. Multiple security issues were discovere... • https://access.redhat.com/security/cve/CVE-2021-23172 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-23159 – Debian Security Advisory 5356-1
https://notcve.org/view.php?id=CVE-2021-23159
25 Aug 2022 — A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file, that could cause an application to crash. Se ha encontrado una vulnerabilidad en SoX, donde es producido un desbordamiento del buffer de la pila en la función lsx_read_w_buf() en el archivo formats_i.c. La vulnerabilidad puede explotarse con un archivo diseñado, que podría causar el bloqueo de una aplicación. Multiple security issues we... • https://access.redhat.com/security/cve/CVE-2021-23159 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-23210 – Debian Security Advisory 5356-1
https://notcve.org/view.php?id=CVE-2021-23210
25 Aug 2022 — A floating point exception (divide-by-zero) issue was discovered in SoX in functon read_samples() of voc.c file. An attacker with a crafted file, could cause an application to crash. Se ha detectado un problema de excepción de punto flotante (división por cero) en SoX en la función read_samples() del archivo voc.c. Un atacante con un archivo diseñado, podría causar un bloqueo de una aplicación. Multiple security issues were discovered in Sox, the Swiss Army knife of sound processing programs, which could re... • https://access.redhat.com/security/cve/CVE-2021-23210 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-33844 – Ubuntu Security Notice USN-5904-1
https://notcve.org/view.php?id=CVE-2021-33844
25 Aug 2022 — A floating point exception (divide-by-zero) issue was discovered in SoX in functon startread() of wav.c file. An attacker with a crafted wav file, could cause an application to crash. Se ha detectado un problema de excepción de punto flotante (división por cero) en SoX en la función startread() del archivo wav.c. Un atacante con un archivo wav diseñado, podría causar un bloqueo en la aplicación. Helmut Grohne discovered that SoX incorrectly handled certain inputs. • https://access.redhat.com/security/cve/CVE-2021-33844 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31650 – Debian Security Advisory 5356-1
https://notcve.org/view.php?id=CVE-2022-31650
25 May 2022 — In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. En SoX versión 14.4.2, se presenta una excepción de punto flotante en la función lsx_aiffstartwrite en los archivos archivo aiff.c, libsox.a Multiple security issues were discovered in Sox, the Swiss Army knife of sound processing programs, which could result in denial of service or potentially the execution of arbitrary code if a malformed audio file is processed. • http://www.openwall.com/lists/oss-security/2023/02/03/3 • CWE-697: Incorrect Comparison •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31651 – Ubuntu Security Notice USN-5904-1
https://notcve.org/view.php?id=CVE-2022-31651
25 May 2022 — In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. En SoX versión 14.4.2, se presenta un fallo de aserción en la función rate_init en los archivos rate.c, libsox.a Helmut Grohne discovered that SoX incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 L... • http://www.openwall.com/lists/oss-security/2023/02/03/3 • CWE-617: Reachable Assertion •