OPENSUSE-SU-2023:0328-1 Security update for sox

This update for sox fixes the following issues: - Apply various fix patches taken from Debian package; it fixes also other entries CVE-2022-31650 boo1212060 CVE-2023-34318 boo1212062 CVE-2023-34432 boo1212063 - Fix floating point exception in src/voc.c CVE-2023-32627 boo1212061...

Security update for sox (important)

openSUSE Security Update: Security update for sox Announcement ID: openSUSE-SU-2023:0329-1 Rating: important References: 1212060 1212061 1212062 1212063 Cross-References: CVE-2019-13590 CVE-2021-23159 CVE-2021-33844 CVE-2021-3643 CVE-2021-40426 CVE-2022-31650 CVE-2022-31651 CVE-2023-32627...

Security update for sox (important)

openSUSE Security Update: Security update for sox Announcement ID: openSUSE-SU-2023:0328-1 Rating: important References: 1212060 1212061 1212062 1212063 Cross-References: CVE-2019-13590 CVE-2021-23159 CVE-2021-33844 CVE-2021-3643 CVE-2021-40426 CVE-2022-31650 CVE-2022-31651 CVE-2023-32627...

USN-5904-1: SoX vulnerabilities

Helmut Grohne discovered that SoX incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ES...

Ubuntu 16.04 LTS : SoX vulnerabilities (USN-4079-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4079-1 advisory. It was discovered that SoX incorrectly handled certain MP3 files. An attacker could possibly use this issue to cause a denial of service. CVE-2019-8354,...

CVE-2019-13590

An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h startread function, there is an integer overflow on the result of integer addition wraparound to 0 fed into the lsxcalloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid...

Debian DLA-1705-1 : sox security update

Multiple vulnerabilities have been discovered in SoX Sound eXchange, a sound processing program : CVE-2017-11332 The startread function wav.c is affected by a divide-by-zero vulnerability when processing WAV file with zero channel count. This flaw might be leveraged by remote attackers using a...

Debian DSA-565-1 : sox - buffer overflow

Ulf Harnhammar has reported two vulnerabilities in SoX, a universal sound sample translator, which may be exploited by malicious people to compromise a user's system with a specially crafted .wav file. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...

GLSA-200407-23 : SoX: Multiple buffer overflows

The remote host is affected by the vulnerability described in GLSA-200407-23 SoX: Multiple buffer overflows Ulf Harnhammar discovered two buffer overflows in the sox and play commands when handling WAV files with specially crafted header fields. Impact : By enticing a user to play or convert a...