MidnightBSD

Advisories for sound_exchange_project

CVE-2014-8145 HIGH

Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
oracle solaris 11.2
sound_exchange_project sound_exchange *
debian debian_linux 7.0
debian debian_linux 8.0
CVE-2017-11332 MEDIUM

The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
debian debian_linux 7.0
debian debian_linux 8.0
sound_exchange_project sound_exchange 14.4.2
CVE-2017-11358 MEDIUM

The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 7.0
debian debian_linux 8.0
sound_exchange_project sound_exchange 14.4.2
CVE-2017-11359 MEDIUM

The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conversion to a wav file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
debian debian_linux 7.0
debian debian_linux 8.0
sound_exchange_project sound_exchange 14.4.2
CVE-2017-15370 MEDIUM

There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
debian debian_linux 7.0
debian debian_linux 8.0
sound_exchange_project sound_exchange 14.4.2
CVE-2017-15371 MEDIUM

There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
debian debian_linux 7.0
debian debian_linux 8.0
sound_exchange_project sound_exchange 14.4.2
CVE-2017-15372 MEDIUM

There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
debian debian_linux 7.0
debian debian_linux 8.0
sound_exchange_project sound_exchange 14.4.2
CVE-2017-15642 MEDIUM

In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
debian debian_linux 7.0
debian debian_linux 8.0
sound_exchange_project sound_exchange 14.4.2
CVE-2017-18189 MEDIUM

In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
sound_exchange_project sound_exchange *
debian debian_linux 8.0
CVE-2019-1010004 MEDIUM

SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
sound_exchange_project sound_exchange *
CVE-2019-13590 MEDIUM

An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-476,

Products Affected

Vendor Product Version
sound_exchange_project sound_exchange 14.4.2
CVE-2019-8354 MEDIUM

An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H 1.3 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
canonical ubuntu_linux 19.04
debian debian_linux 8.0
canonical ubuntu_linux 16.04
sound_exchange_project sound_exchange 14.4.2
CVE-2019-8355 MEDIUM

An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-787,

Products Affected

Vendor Product Version
sound_exchange_project sound_exchange 14.4.2
CVE-2019-8356 MEDIUM

An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-129,CWE-787,

Products Affected

Vendor Product Version
sound_exchange_project sound_exchange 14.4.2
CVE-2019-8357 MEDIUM

An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
sound_exchange_project sound_exchange 14.4.2
CVE-2021-23159

A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file, that could cause an application to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
sound_exchange_project sound_exchange 14.4.2-7
sox_project sox 14.4.2-7
CVE-2021-23172

A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. The vulnerability is exploitable with a crafted hcomn file, that could cause an application to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
sound_exchange_project sound_exchange 14.4.2-7
sox_project sox 14.4.2-7
CVE-2021-23210

A floating point exception (divide-by-zero) issue was discovered in SoX in functon read_samples() of voc.c file. An attacker with a crafted file, could cause an application to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
sound_exchange_project sound_exchange 14.4.2-7
sox_project sox 14.4.2-7
CVE-2021-33844

A floating point exception (divide-by-zero) issue was discovered in SoX in functon startread() of wav.c file. An attacker with a crafted wav file, could cause an application to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
sound_exchange_project sound_exchange 14.4.2-7
sox_project sox 14.4.2-7
CVE-2021-3643 MEDIUM

A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-120,

Products Affected

Vendor Product Version
sound_exchange_project sound_exchange 14.4.1
sox_project sox 14.4.1
CVE-2021-40426 MEDIUM

A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
sound_exchange_project sound_exchange 14.4.2
libsox_project libsox 14.4.2
CVE-2022-31650 MEDIUM

In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-697,

Products Affected

Vendor Product Version
sox_project sox 14.4.2
sound_exchange_project sound_exchange 14.4.2
CVE-2022-31651 MEDIUM

In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
sox_project sox 14.4.2
sound_exchange_project sound_exchange 14.4.2
CVE-2023-26590

A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.5 3.6

Products Affected

Vendor Product Version
sox_project sox 14.4.3
redhat enterprise_linux 6.0
sound_exchange_project sound_exchange 14.4.3
redhat enterprise_linux 7.0
fedoraproject extra_packages_for_enterprise_linux 8.0
fedoraproject fedora 38
CVE-2023-32627

A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.5 3.6

Products Affected

Vendor Product Version
sox_project sox 14.4.3
redhat enterprise_linux 6.0
sound_exchange_project sound_exchange 14.4.3
redhat enterprise_linux 7.0
fedoraproject extra_packages_for_enterprise_linux 8.0
fedoraproject fedora 38
CVE-2023-34318

A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
sox_project sox 14.4.3
redhat enterprise_linux 6.0
sound_exchange_project sound_exchange 14.4.3
redhat enterprise_linux 7.0
fedoraproject extra_packages_for_enterprise_linux 8.0
fedoraproject fedora 38
CVE-2023-34432

A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
redhat enterprise_linux 6.0
sound_exchange_project sound_exchange *
redhat enterprise_linux 7.0
fedoraproject extra_packages_for_enterprise_linux 8.0
fedoraproject fedora 38