CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-34318 – Heap-buffer-overflow in src/hcom.c
https://notcve.org/view.php?id=CVE-2023-34318
10 Jul 2023 — A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure. • https://access.redhat.com/security/cve/CVE-2023-34318 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2023-32627 – Floating point exception in src/voc.c
https://notcve.org/view.php?id=CVE-2023-32627
10 Jul 2023 — A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service. It was discovered that SoX incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, an attacker could possibly use this issue to cause a denial of service. • https://access.redhat.com/security/cve/CVE-2023-32627 • CWE-697: Incorrect Comparison CWE-1077: Floating Point Comparison with Incorrect Operator •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2023-26590 – Floating point exception in src/aiff.c
https://notcve.org/view.php?id=CVE-2023-26590
10 Jul 2023 — A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service. • https://access.redhat.com/security/cve/CVE-2023-26590 • CWE-697: Incorrect Comparison CWE-1077: Floating Point Comparison with Incorrect Operator •