sox is vulnerable to use-after-free. The vulnerability exists in lsx_aiffstartread
in aiff.c
, allowing a malicious user to exploit this flaw by supplying a malformed AIFF file which may lead to denial of service (DoS) during the conversion of an audio file.
CPE | Name | Operator | Version |
---|---|---|---|
sox:sid | eq | 14.4.2+git20190427-2 | |
sox:buster | eq | 14.4.2+git20190427-1 | |
sox:bullseye | eq | 14.4.2+git20190427-2 |