CVE-2021-23159

Published: 25/08/2022 Updated: 12/02/2023
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

A vulnerability was found in SoX, where a heap-buffer-overflow occurs in the function lsx_read_w_buf() in the file formats_i.c. The vulnerability is exploitable with a crafted file that could cause an application to crash.

Vulnerable Product

sox project sox 14.4.2-7

Vendor Advisories

Debian Bug report logs - #1021133: sox: CVE-2021-23159. Package: src:sox; Maintainer for src:sox is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Sun, 2 Oct 2022 18:03:02 UTC; Severity: important; Tags: security, upstream; Found in version sox/ ...
Multiple security issues were discovered in Sox, the Swiss Army knife of sound processing programs, which could result in denial of service or potentially the execution of arbitrary code if a malformed audio file is processed. For the stable distribution (bullseye), these problems have been fixed in version 14.4.2+git20190427-2+deb11u1. We recommen ...
One of the security fixes released as DSA 5356 introduced a regression in the processing of specific WAV files. Updated sox packages are available to correct this issue. For the stable distribution (bullseye), these problems have been fixed in version 14.4.2+git20190427-2+deb11u2. We recommend that you upgrade your sox packages. For the detailed se ...
A vulnerability was found in SoX, where a heap-based overflow was found in formats_i.c:376, function lsx_read_w_buf ...