19 matches found
Astra Linux - vulnerability in sox
There is a heap-based buffer overflow vulnerability in the sphere.c start_read function of the Sound Exchange libsox 14.4.2 version and the main commit 42b3557e. A specially crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to exploit this vulnerability...
Linux Distros Unpatched Vulnerability : CVE-2022-31651
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. CVE-2022-31651 Note that Nessus relies on the presence of the package as reporte...
CVE-2021-39947
In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of several jobs...
SUSE CVE-2021-40426
A heap-based buffer overflow vulnerability exists in the sphere.c start_read functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...
XWiki < 13.10.8, 14.x < 14.4.2, 14.5.x < 14.6 Uncontrolled Resource Consumption Vulnerability (GHSA-4x5r-6v26-7j4v)
Xwiki is prone to an uncontrolled resource consumption vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki...
XWiki 5.0-milestone-1 < 13.10.7, 14.x < 14.4.2 Eval Injection Vulnerability (GHSA-9hqh-fmhg-vq2j)
Xwiki is prone to an improper neutralization of directives in dynamically evaluated code (eval injection) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
PT-2022-6475 · Sox +4
Name of the Vulnerable Software and Affected Versions: SoX versions 14.4.2 and earlier Description: The issue is related to a heap-based buffer overflow in the start_read function of the Sound Exchange libsox. This can be triggered by a specially-crafted file, potentially allowing a remote attack...
Sound Exchange libsox Buffer Error Vulnerability
Sound Exchange libsox is a library of sound sample file format readers/writers and sound processors organized by Sound Exchange. It was developed primarily for SoX use, but is useful for any sound application. A security vulnerability exists in Sound Exchange libsox version 14.4.2, which stems fr...
Vulnerabilities fixed in GitLab Runner
Vulnerabilities have been fixed in GitLab Runner. An authenticated malicious party could potentially exploit them to cause a denial-of-service or to gain access to system data. GitLab developers have released updates to address the vulnerabilities in GitLab Runner 14.3.4, 14.4.2 and 14.5.2. For mo...
SoX Buffer Overflow Vulnerability
SoX is a set of open source audio processing tools. The product supports playing, converting and recording audio in many formats. A buffer overflow vulnerability exists in the 'read_samples' function of the xa.c file in SoX 14.4.2 and earlier. The vulnerability stems from a networked system or...
AZL-45171 CVE-2019-1010004 affecting package sox 14.4.2.0-34
SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189...
CVE-2019-8354
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow...
DEBIAN-CVE-2019-8357
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference...
PT-2019-2905 · Sox +2
Name of the Vulnerable Software and Affected Versions: SoX version 14.4.2 Description: The issue is related to the bitrv2 function in the fft4g.c file of the SoX audio editor, which is associated with a buffer overflow in memory. This can be exploited by a remote attacker to cause a denial of...
PT-2019-2906 · Sox +2
Name of the Vulnerable Software and Affected Versions: SoX version 14.4.2 Description: A problem was discovered in the lsx_make_lpf function in effect_i_dsp.c, which allows a NULL pointer dereference. This issue can be exploited by a remote attacker to cause a denial of service. Recommendations:...
Sound eXchange Buffer Overflow Vulnerability
Sound eXchange SoX is a set of open source audio processing tools. The tool supports playback, conversion and recording of multiple audio format files. A buffer overflow vulnerability exists in the 'ImaExpandS' function of the imarw.c file in SoX version 14.4.2. An attacker can exploit this...
Sound eXchange 'read_samples' Function Denial of Service Vulnerability
Sound eXchange SoX is a set of open source audio processing tools. The tool supports playback, conversion and recording of multiple audio format files. A security vulnerability exists in the 'read_samples' function of the hcom.c file in SoX version 14.4.2. A remote attacker can exploit this...
SysAid < 14.4.2 Arbitrary File Disclosure Vulnerability
SysAid On-Premise is prone to an arbitrary file disclosure vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
SysAid Server Arbitrary File Disclosure Vulnerability
SysAid Server is vulnerable to an unauthenticated file disclosure attack that allows an anonymous attacker to read arbitrary files on the system. An attacker exploiting this issue can compromise SysAid user accounts and gain access to important system files. When SysAid is configured to use LDAP...