Soundtouch Security Vulnerabilities
The FIRFilter::evaluateFilterMulti function in FIRFilter.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by...
7.5CVSS
7.6AI Score
0.002EPSS
The RateTransposer::setChannels function in RateTransposer.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by...
7.5CVSS
7.5AI Score
0.002EPSS
soundtouch version up to and including 2.0.0 contains a Buffer Overflow vulnerability in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() that can result in arbitrary code execution. This attack appear to be exploitable via victim must open maliocius file in soundstretch...
8.8CVSS
8.7AI Score
0.002EPSS
An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the...
6.1CVSS
6.3AI Score
0.004EPSS
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by...
8.8CVSS
9AI Score
0.009EPSS
The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by...
6.5CVSS
6.9AI Score
0.001EPSS
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by...
8.8CVSS
8.8AI Score
0.009EPSS
5.4CVSS
5.2AI Score
0.001EPSS
Bose SoundTouch devices allow XSS via crafted song data from a music service, as demonstrated by...
5.4CVSS
5.3AI Score
0.001EPSS
Bose SoundTouch devices allows remote attackers to achieve remote control via a crafted web site that uses the WebSocket...
8.8CVSS
8.4AI Score
0.005EPSS
The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav...
5.5CVSS
6.2AI Score
0.001EPSS
The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav...
5.5CVSS
6.2AI Score
0.001EPSS
The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav...
5.5CVSS
6.3AI Score
0.002EPSS
The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 inadvertently responds to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353...
9.1CVSS
8.8AI Score
0.004EPSS