| OVAL definition | Description |
| --- | --- |
| oval:org.secpod.oval:def:108448 | sox is installed |
| oval:org.secpod.oval:def:601894 | sox is installed |
| oval:org.secpod.oval:def:605230 | sox is installed |
| oval:org.secpod.oval:def:108447 | SoX is a sound file format converter. SoX can convert between many different digitized sound formats and perform simple sound manipulation functions, including sound effects. |
| oval:org.secpod.oval:def:24734 | The host is installed with sox in RHEL 5, 6 or 7 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly process NIST Sphere and WAV audio files. Successful exploitation could allow attackers to execute arbitrary code with the privileg ... |
| oval:org.secpod.oval:def:70140 | sox: Swiss army knife of sound processing. SoX could be made to crash if it received a specially crafted MP3 file. |
| oval:org.secpod.oval:def:89358 | One of the security fixes released as DSA 5356 introduced a regression in the processing of specific WAV files. Updated sox packages are available to correct this issue. |
| oval:org.secpod.oval:def:114847 | SoX is a sound file format converter. SoX can convert between many different digitized sound formats and perform simple sound manipulation functions, including sound effects. |
| oval:org.secpod.oval:def:2000230 | In lsx_aiffstartread in aiff.c in Sound eXchange 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file. |
| oval:org.secpod.oval:def:113931 | SoX is a sound file format converter. SoX can convert between many different digitized sound formats and perform simple sound manipulation functions, including sound effects. |
| oval:org.secpod.oval:def:114941 | SoX is a sound file format converter. SoX can convert between many different digitized sound formats and perform simple sound manipulation functions, including sound effects. |
| oval:org.secpod.oval:def:114000 | SoX is a sound file format converter. SoX can convert between many different digitized sound formats and perform simple sound manipulation functions, including sound effects. |
| oval:org.secpod.oval:def:114023 | SoX is a sound file format converter. SoX can convert between many different digitized sound formats and perform simple sound manipulation functions, including sound effects. |
| oval:org.secpod.oval:def:2000306 | The startread function in wav.c in Sound eXchange 14.4.2 allows remote attackers to cause a denial of service via a crafted wav file. |
| oval:org.secpod.oval:def:113929 | SoX is a sound file format converter. SoX can convert between many different digitized sound formats and perform simple sound manipulation functions, including sound effects. |
| oval:org.secpod.oval:def:2000463 | There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange 14.4.2. A crafted input will lead to a denial of service attack during conversion of an audio file. |
| oval:org.secpod.oval:def:2001413 | The wavwritehdr function in wav.c in Sound eXchange 14.4.2 allows remote attackers to cause a denial of service via a crafted snd file, during conversion to a wav file. |
| oval:org.secpod.oval:def:2001382 | There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange 14.4.2. A crafted input will lead to a denial of service attack during conversion of an audio file. |
| oval:org.secpod.oval:def:2000018 | There is a reachable assertion abort in the function sox_append_comment in formats.c in Sound eXchange 14.4.2. A crafted input will lead to a denial of service attack during conversion of an audio file. |
| oval:org.secpod.oval:def:2001465 | The read_samples function in hcom.c in Sound eXchange 14.4.2 allows remote attackers to cause a denial of service via a crafted hcom file. |
| oval:org.secpod.oval:def:117748 | SoX is a sound file format converter. SoX can convert between many different digitized sound formats and perform simple sound manipulation functions, including sound effects. |
| oval:org.secpod.oval:def:2000847 | In the startread function in xa.c in Sound eXchange through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service. |
| oval:org.secpod.oval:def:205273 | SoX is a sound file format converter. SoX can convert between many different digitized sound formats and perform simple sound manipulation functions, including sound effects. Security Fix: sox: NULL pointer dereference in startread function in xa.c. For more details about the security issue, incl ... |
| oval:org.secpod.oval:def:503279 | SoX is a sound file format converter. SoX can convert between many different digitized sound formats and perform simple sound manipulation functions, including sound effects. Security Fix: sox: NULL pointer dereference in startread function in xa.c. For more details about the security issue, incl ... |
| oval:org.secpod.oval:def:1700266 | A NULL pointer dereference flaw found in the way SoX handled processing of AIFF files. An attacker could potentially use this flaw to crash the SoX application by tricking it into processing crafted AIFF files. |
| oval:org.secpod.oval:def:1901950 | An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow. |
| oval:org.secpod.oval:def:1901957 | An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference. |
| oval:org.secpod.oval:def:2001272 | An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow. |
| oval:org.secpod.oval:def:2000006 | An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference. |
| oval:org.secpod.oval:def:2000125 | An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c. |
| oval:org.secpod.oval:def:2000420 | An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow. |
| oval:org.secpod.oval:def:705102 | sox: Swiss army knife of sound processing. Details: USN-4079-1 fixed vulnerabilities in SoX. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 19.04. Original advisory SoX could be made to crash if it received a specially crafted MP3 file. |
| oval:org.secpod.oval:def:1901948 | An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow. |
| oval:org.secpod.oval:def:1901944 | An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c. |
| oval:org.secpod.oval:def:68053 | sox: Swiss army knife of sound processing. SoX could be made to crash if it received a specially crafted MP3 file. |
| oval:org.secpod.oval:def:89357 | Multiple security issues were discovered in Sox, the Swiss Army knife of sound processing programs, which could result in denial of service or potentially the execution of arbitrary code if a malformed audio file is processed. |
| oval:org.secpod.oval:def:89403 | sox: Swiss army knife of sound processing. Several security issues were fixed in SoX. |
| oval:org.secpod.oval:def:708414 | sox: Swiss army knife of sound processing. SoX could be made to crash if it received specially crafted input. |
| oval:org.secpod.oval:def:89388 | sox: Swiss army knife of sound processing. Several security issues were fixed in SoX. |
| oval:org.secpod.oval:def:89480 | sox: Swiss army knife of sound processing. Details: USN-5904-1 fixed vulnerabilities in SoX. It was discovered that the fix for CVE-2021-33844 was incomplete. This update fixes the problem. Original advisory USN-5904-1 caused a minor regression in SoX. |
| oval:org.secpod.oval:def:3301790 | Security update for sox |
| oval:org.secpod.oval:def:2004674 | An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h, there is an integer overflow on the result of integer addition fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer d ... |
| oval:org.secpod.oval:def:1701594 | A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information. In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c ... |
| oval:org.secpod.oval:def:96376 | sox: Swiss army knife of sound processing. SoX could be made to crash if it received specially crafted input. |