Lucene search
K

37 matches found

UbuntuCve
UbuntuCve
added 2022/04/14 8:15 p.m.33 views

CVE-2021-40426

A heap-based buffer overflow vulnerability exists in the sphere.c startread functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

10CVSS7.4AI score0.02211EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2022/04/14 7:56 p.m.7 views

CVE-2021-40426

A heap-based buffer overflow vulnerability exists in the sphere.c startread functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

10CVSS8.8AI score0.02211EPSS
Exploits1References4
CVE
CVE
added 2022/04/14 7:56 p.m.111 views

CVE-2021-40426

CVE-2021-40426 is a heap-buffer-overflow in the sphere.c start_read() path of Sound Exchange SoX (libsox) 14.4.2 and the master commit 42b3557e. A specially crafted input file can trigger the overflow, with potential outcomes including crash or more severe impact as described in related advisorie...

10CVSS8.9AI score0.02211EPSS
Exploits1References4Affected Software1
AlpineLinux
AlpineLinux
added 2022/04/14 7:56 p.m.36 views

CVE-2021-40426

A heap-based buffer overflow vulnerability exists in the sphere.c startread functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

10CVSS9.2AI score0.02211EPSS
Exploits1
Talos
Talos
added 2022/03/23 12:0 a.m.50 views

Sound Exchange libsox sphere.c start_read() heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2021-1434 Sound Exchange libsox sphere.c startread heap-based buffer overflow vulnerability March 23, 2022 CVE Number CVE-2021-40426 SUMMARY A heap-based buffer overflow vulnerability exists in the sphere.c startread functionality of Sound Exchange libsox 14.4.2 a...

10CVSS8.9AI score0.02211EPSS
Exploits1
CNNVD
CNNVD
added 2022/03/23 12:0 a.m.6 views

Sound Exchange libsox 缓冲区错误漏洞

Sound Exchange libsox is a library of sound sample file format readers/writers and sound processors organized by Sound Exchange. It was developed primarily for SoX use, but is useful for any sound application. A security vulnerability exists in Sound Exchange libsox version 14.4.2, which stems fr...

10CVSS8.7AI score0.02211EPSS
Exploits1References11
CNNVD
CNNVD
added 2021/08/12 12:0 a.m.2 views

SoX 缓冲区错误漏洞

SoX is a set of open source audio processing tools. The product supports playing, converting and recording audio in multiple formats. A security vulnerability exists in SoX version 14.4.1, which stems from the lsxadpcminit function in libsox that causes a global buffer overflow...

9.1CVSS8.6AI score0.01489EPSS
Exploits0References12
BDU FSTEC
BDU FSTEC
added 2019/08/20 12:0 a.m.6 views

The vulnerability of the `startread` function in the `libsox.a` library of the Sound Exchange (SoX) editor allows a attacker to cause a service failure.

The vulnerability of the startread function in sox-fmt.h of the libsox.a library, a part of the Sound Exchange SoX audio editor, is related to the use of a zero pointer. Exploiting this vulnerability could allow an attacker to cause service interruptions remotely...

7.8CVSS5.5AI score0.01059EPSS
Exploits1References8Affected Software3
NVD
NVD
added 2019/07/14 4:15 p.m.19 views

CVE-2019-13590

An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h startread function, there is an integer overflow on the result of integer addition wraparound to 0 fed into the lsxcalloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid...

5.5CVSS5.8AI score0.01059EPSS
Exploits1References2
OSV
OSV
added 2019/07/14 4:15 p.m.4 views

AZL-44592 CVE-2019-13590 affecting package sox 14.4.2.0-34

An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h startread function, there is an integer overflow on the result of integer addition wraparound to 0 fed into the lsxcalloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid...

5.5CVSS6.8AI score0.01059EPSS
Exploits1References1
OSV
OSV
added 2019/07/14 4:15 p.m.1 views

DEBIAN-CVE-2019-13590

An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h startread function, there is an integer overflow on the result of integer addition wraparound to 0 fed into the lsxcalloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid...

5.5CVSS7.1AI score0.01059EPSS
Exploits1References1
OSV
OSV
added 2019/07/14 4:15 p.m.3 views

UBUNTU-CVE-2019-13590

An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h startread function, there is an integer overflow on the result of integer addition wraparound to 0 fed into the lsxcalloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid...

5.5CVSS6.9AI score0.01059EPSS
Exploits1References4
CNVD
CNVD
added 2019/07/14 12:0 a.m.3 views

SoX Input Validation Error Vulnerability

SoX is a set of open source audio processing tools. The product supports playing, converting and recording audio in many formats. An input validation error vulnerability exists in the libsox.a file in SoX version 14.4.2. The vulnerability originates from a network system or product that does not...

5.5CVSS7.2AI score0.01059EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/07/14 12:0 a.m.31 views

CVE-2019-13590

An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h startread function, there is an integer overflow on the result of integer addition wraparound to 0 fed into the lsxcalloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid...

7.1AI score0.01059EPSS
Exploits1References2
CVE
CVE
added 2019/07/14 12:0 a.m.157 views

CVE-2019-13590

CVE-2019-13590 affects SoX 14.4.2 in the library libsox.a. The issue is in sox-fmt.h startread: an integer addition overflow feeds into lsx_calloc, and when malloc returns NULL the code dereferences it in lsx_readbuf (formats_i.c), potentially crashing the app. Connected advisories reiter the roo...

5.5CVSS7AI score0.01059EPSS
Exploits1References2Affected Software1
OpenVAS
OpenVAS
added 2019/05/29 12:0 a.m.143 views

Debian: Security Advisory (DLA-1808-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS5.3AI score0.01808EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2015/02/27 12:0 a.m.2 views

PT-2021-7702 · Sox +4 · Sox +4

Name of the Vulnerable Software and Affected Versions: sox version 14.4.1 Description: A flaw in the lsx adpcm init function within libsox leads to a global-buffer-overflow. This issue allows an attacker to input a malicious file, resulting in the disclosure of sensitive information. The...

10CVSS5.7AI score0.07709EPSS
Exploits20References118
Rows per page
Query Builder