4 matches found
PT-2022-6475 · Sox +4 · Sox +4
Name of the Vulnerable Software and Affected Versions: SoX versions 14.4.2 and earlier Description: The issue is related to a heap-based buffer overflow in the start read function of the Sound Exchange libsox. This can be triggered by a specially-crafted file, potentially allowing a remote attack...
AZL-45171 CVE-2019-1010004 affecting package sox 14.4.2.0-34
SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: readsamples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189...
CVE-2019-8354
An issue was discovered in SoX 14.4.2. lsxmakelpf in effectidsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow...
PT-2019-2906 · Sox +2 · Sox +2
Name of the Vulnerable Software and Affected Versions: SoX version 14.4.2 Description: A problem was discovered in the lsx make lpf function in effect i dsp.c, which allows a NULL pointer dereference. This issue can be exploited by a remote attacker to cause a denial of service. Recommendations:...