
CVE-2014-8145

Published: 31/12/2014 Updated: 01/03/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file processed by the (1) start_read or (2) AdpcmReadBlock function.

Vulnerable Product

sound exchange project sound exchange

debian debian linux 7.0

debian debian linux 8.0

oracle solaris 11.2

Vendor Advisories

Debian Bug report logs - #773720 sox: CVE-2014-8145. Package: src:sox; Maintainer for src:sox is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 22 Dec 2014 15:57:01 UTC; Severity: grave; Tags: security, upstream; Found in versions sox/ ...
Michele Spagnuolo of the Google Security Team discovered two heap-based buffer overflows in SoX, the Swiss Army knife of sound processing programs. A specially crafted wav file could cause an application using SoX to crash or, possibly, execute arbitrary code. For the stable distribution (wheezy), these problems have been fixed in version 14.4.0-3+d ...
It was discovered that SoX did not correctly process NIST Sphere and WAV audio files. By tricking a victim into processing a specially crafted NIST Sphere or WAV audio file, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running SoX ...