CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
86.3%
Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function.
advisories.mageia.org/MGASA-2014-0561.html
packetstormsecurity.com/files/129699/SoX-14.4.1-Heap-Buffer-Overflow.html
www.debian.org/security/2014/dsa-3112
www.mandriva.com/security/advisories?name=MDVSA-2015:015
www.ocert.org/advisories/ocert-2014-010.html
www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
www.securityfocus.com/bid/71774
lists.debian.org/debian-lts-announce/2019/02/msg00034.html
security.gentoo.org/glsa/201612-30