ALAS2-2023-2231

Related Vulnerabilities: CVE-2021-3643, CVE-2022-31650, CVE-2022-31651, CVE-2023-26590, CVE-2023-32627, CVE-2023-34318, CVE-2023-34432


Amazon Linux 2 Security Advisory: ALAS-2023-2231
Advisory Release Date: 2023-08-31 22:29 Pacific
Advisory Updated Date: 2023-09-07 18:49 Pacific
Severity: Medium

Issue Overview:

A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information. (CVE-2021-3643)

In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. (CVE-2022-31650)

In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. (CVE-2022-31651)

A vulnerability was found in sox v14.4.3: a floating point exception in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This vulnerability could lead to security issues such as denial of service. (CVE-2023-26590)

A vulnerability was found in sox v14.4.3: a floating point exception in the read_samples function at sox/src/voc.c:334:18. This vulnerability could lead to security issues such as denial of service. (CVE-2023-32627)

A vulnerability was found in sox v14.4.3: a heap-buffer-overflow in the startread function at sox/src/hcom.c:160:41. This vulnerability could lead to security issues such as denial of service, code execution, or information disclosure. (CVE-2023-34318)

A vulnerability was found in sox v14.4.3: a heap-buffer-overflow in the lsx_readbuf function at sox/src/formats_i.c:98:16. This vulnerability could lead to security issues such as denial of service, code execution, or information disclosure. (CVE-2023-34432)


Affected Packages:

sox


Issue Correction:
Run yum update sox to update your system.

New Packages:
aarch64:
    sox-14.4.1-7.amzn2.0.2.aarch64
    sox-devel-14.4.1-7.amzn2.0.2.aarch64
    sox-debuginfo-14.4.1-7.amzn2.0.2.aarch64

i686:
    sox-14.4.1-7.amzn2.0.2.i686
    sox-devel-14.4.1-7.amzn2.0.2.i686
    sox-debuginfo-14.4.1-7.amzn2.0.2.i686

src:
    sox-14.4.1-7.amzn2.0.2.src

x86_64:
    sox-14.4.1-7.amzn2.0.2.x86_64
    sox-devel-14.4.1-7.amzn2.0.2.x86_64
    sox-debuginfo-14.4.1-7.amzn2.0.2.x86_64
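To confirm a fleet has actually picked up the fixed builds listed above, the installed package strings can be compared against them using rpm's own version ordering. The script below is an added example, not part of the advisory or of Amazon Linux tooling; it reimplements the rpmvercmp ordering (tilde-aware, no epoch or caret handling) and runs it over constructed `rpm -qa`-style lines.

```python
import re

# Fixed builds from the advisory's "New Packages" list: version 14.4.1, release 7.amzn2.0.2.
FIXED = {n: ("14.4.1", "7.amzn2.0.2") for n in ("sox", "sox-devel", "sox-debuginfo")}
# name-version-release.arch; version and release never contain '-'.
NEVRA_RE = re.compile(r"^(?P<name>.+)-(?P<ver>[^-]+)-(?P<rel>[^-]+)\.(?P<arch>[^.]+)$")

def rpmvercmp(a, b):
    """rpm-style ordering of version/release strings: -1, 0 or 1. Segments are runs
    of digits or letters; numeric beats alphabetic, and a tilde sorts before anything."""
    sa, sb = (re.findall(r"[0-9]+|[a-zA-Z]+|~", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if "~" in (x, y):
            if x != y:
                return -1 if x == "~" else 1
            continue
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    a_longer = len(sa) > len(sb)
    rest = sa[len(sb):] if a_longer else sb[len(sa):]
    if rest[0] == "~":  # a trailing "~rc1" makes the longer string the older one
        return -1 if a_longer else 1
    return 1 if a_longer else -1

def parse_nevra(pkg):
    m = NEVRA_RE.match(pkg)
    if not m:
        raise ValueError("not a name-version-release.arch string: " + pkg)
    return m.group("name"), m.group("ver"), m.group("rel"), m.group("arch")

def is_fixed(pkg):
    """True if at or above the fixed build, False if below, None if not covered here."""
    name, ver, rel, _ = parse_nevra(pkg)
    if name not in FIXED:
        return None
    fver, frel = FIXED[name]
    return (rpmvercmp(ver, fver) or rpmvercmp(rel, frel)) >= 0

def vulnerable_packages(rpm_qa_output):
    """Lines of `rpm -qa` output that are still below the advisory's fixed build."""
    return [p for p in rpm_qa_output.split() if is_fixed(p) is False]

# Constructed sample `rpm -qa` output (not from a real host): one sox build behind the fix, one sox-devel at the fix, one unrelated package.
SAMPLE_RPM_QA = "sox-14.4.1-7.amzn2.0.1.x86_64\nsox-devel-14.4.1-7.amzn2.0.2.x86_64\nbash-4.2.46-34.amzn2.x86_64\n"
```

On a live host, feed it the real output of `rpm -qa` instead of SAMPLE_RPM_QA; an empty result means every sox package is at or above 14.4.1-7.amzn2.0.2.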