CVE-2022-31651

Published: 25/05/2022 Updated: 23/02/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows a malicious user to input a malicious file, leading to the disclosure of sensitive information. (CVE-2021-3643)

In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. (CVE-2022-31650)

In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. (CVE-2022-31651)

A floating-point exception vulnerability was found in sox v14.4.3 in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This vulnerability could lead to security issues such as denial of service. (CVE-2023-26590)

A floating-point exception vulnerability was found in sox v14.4.3 in the read_samples function at sox/src/voc.c:334:18. This vulnerability could lead to security issues such as denial of service. (CVE-2023-32627)

A heap-buffer-overflow vulnerability was found in sox v14.4.3 in the startread function at sox/src/hcom.c:160:41. This vulnerability could lead to security issues such as denial of service, code execution, or information disclosure. (CVE-2023-34318)

A heap-buffer-overflow vulnerability was found in sox v14.4.3 in the lsx_readbuf function at sox/src/formats_i.c:98:16. This vulnerability could lead to security issues such as denial of service, code execution, or information disclosure. (CVE-2023-34432)

Vulnerable Product

sox project sox 14.4.2

Vendor Advisories

Debian Bug report logs - #1012516 sox: CVE-2022-31650 CVE-2022-31651 Package: src:sox; Maintainer for src:sox is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org> Date: Wed, 8 Jun 2022 15:57:01 UTC Severity: normal Tags: security, upstream Forwar ...

Multiple security issues were discovered in Sox, the Swiss Army knife of sound processing programs, which could result in denial of service or potentially the execution of arbitrary code if a malformed audio file is processed. For the stable distribution (bullseye), these problems have been fixed in version 14.4.2+git20190427-2+deb11u1. We recommen ...

One of the security fixes released as DSA 5356 introduced a regression in the processing of specific WAV files. Updated sox packages are available to correct this issue. For the stable distribution (bullseye), these problems have been fixed in version 14.4.2+git20190427-2+deb11u2. We recommend that you upgrade your sox packages. For the detailed se ...

A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information. (CVE-2021-3643) In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. (CVE-2022-31650) In S ...