8 matches found
Advisory ROSA-SA-2025-2668
software: sox 14.4.2
OS: ROSA-CHROME
packageevrstring: sox-14.4.2-6
CVE-ID: CVE-2022-31650
BDU-ID: 2023-01722
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the lsx_aiffstartwrite function of the aiff.c component of the Sound eXchange audio editor is related to insufficient comparison. Exploitation ...
CVE-2022-31651
In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a...
PT-2022-6491 · Sox +4
Name of the Vulnerable Software and Affected Versions: SoX version 14.4.2 Description: The issue is related to an assertion failure in the rate init function within the rate.c component of the SoX audio editor. This failure is due to insufficient use of the assert function. Exploitation of this...
Use-after-free
sox is vulnerable to use-after-free. The vulnerability exists in lsx_aiffstartread in aiff.c, allowing a malicious user to exploit this flaw by supplying a malformed AIFF file, which may lead to denial of service (DoS) during the conversion of an audio file...
DLA-1695-1 sox - security update
Bulletin has no description...
CVE-2019-8356
An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow...
CVE-2019-8357
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference...
SoX multiple buffer overflows
A few buffer overflows when parsing .wav files...