Published: 25/08/2022 Updated: 12/02/2023

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 0

A floating point exception (divide-by-zero) issue exists in SoX in functon startread() of wav.c file. An attacker with a crafted wav file, could cause an application to crash.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sox project sox 14.4.2-7

Debian Bug report logs - #1021135 sox: CVE-2021-33844 Package: src:sox; Maintainer for src:sox is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Sun, 2 Oct 2022 18:03:06 UTC Severity: normal Tags: security, upstream Found in version sox/14 ...

Multiple security issues were discovered in Sox, the Swiss Army knife of sound processing programs, which could result in denial of service or potentially the execution of arbitrary code if a malformed audio file is processed For the stable distribution (bullseye), these problems have been fixed in version 1442+git20190427-2+deb11u1 We recommen ...

One of the security fixes released as DSA 5356 introduced a regression in the processing of specific WAV files Updated sox packages are available to correct this issue For the stable distribution (bullseye), these problems have been fixed in version 1442+git20190427-2+deb11u2 We recommend that you upgrade your sox packages For the detailed se ...

A vulnerability was found in SoX where a divide by zero bug exists in wavc:967, functon startread With a crafted wav file, the application crashes ...

CWE-369 https://bugzilla.redhat.com/show_bug.cgi?id=1975664 https://security.archlinux.org/CVE-2021-33844 https://access.redhat.com/security/cve/CVE-2021-33844 https://sourceforge.net/p/sox/bugs/349/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021135 https://nvd.nist.gov https://www.debian.org/security/2023/dsa-5356

CVE-2021-33844

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect