Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sox vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2004-0557
Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 up to and including 12.17.4 allow remote malicious users to execute arbitrary code via certain WAV file header fields.
Sox Sox 12.17.4
Conectiva Linux 10.0
Sox Sox 12.17.2
Sox Sox 12.17.3
Conectiva Linux 8.0
Conectiva Linux 9.0
Gentoo Linux 1.4
Redhat Enterprise Linux 3.0
Redhat Enterprise Linux Desktop 3.0
Redhat Fedora Core Core 1.0
Redhat Fedora Core Core 2.0
2 EDB exploits
7.5
CVSSv2
CVE-2014-8145
Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and previous versions allow remote malicious users to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function.
Sound Exchange Project Sound Exchange
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Oracle Solaris 11.2
6.8
CVSSv2
CVE-2021-40426
A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerabi...
Libsox Project Libsox 14.4.2
6.4
CVSSv2
CVE-2021-3643
A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an malicious user to input a malicious file, leading to the disclosure of sensitive information.
Sox Project Sox 14.4.1
5
CVSSv2
CVE-2017-18189
In the startread function in xa.c in Sound eXchange (SoX) up to and including 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote malicious user to cause a denial-of-service.
Sound Exchange Project Sound Exchange
Debian Debian Linux 8.0
4.3
CVSSv2
CVE-2022-31650
In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a.
Sox Project Sox 14.4.2
4.3
CVSSv2
CVE-2022-31651
In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a.
Sox Project Sox 14.4.2
4.3
CVSSv2
CVE-2019-1010004
SoX - Sound eXchange 14.4.2 and previous versions is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189.
Sound Exchange Project Sound Exchange
4.3
CVSSv2
CVE-2019-13590
An issue exists in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that i...
Sound Exchange Project Sound Exchange 14.4.2
4.3
CVSSv2
CVE-2019-8355
An issue exists in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix...
Sound Exchange Project Sound Exchange 14.4.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32744
privilege escalation
CVE-2024-30253
CVE-2024-3914
cross-site scripting
CVE-2024-31497
CVE-2024-3400
CVE-2024-32341
hardcoded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »