ALAS2-2023-2231 --- sox
ID: oval:org.secpod.oval:def:1701594 | Date: (C)2023-09-19 (M)2024-01-03 | Class: PATCH | Family: unix
A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information.

In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a.

In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a.

A floating-point exception vulnerability was found in sox v14.4.3 in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This vulnerability could lead to security issues such as denial of service.

A floating-point exception vulnerability was found in sox v14.4.3 in the read_samples function at sox/src/voc.c:334:18. This vulnerability could lead to security issues such as denial of service.

A heap-buffer-overflow vulnerability was found in sox v14.4.3 in the startread function at sox/src/hcom.c:160:41. This vulnerability could lead to security issues such as denial of service, code execution, or information disclosure.

A heap-buffer-overflow vulnerability was found in sox v14.4.3 in the lsx_readbuf function at sox/src/formats_i.c:98:16. This vulnerability could lead to security issues such as denial of service, code execution, or information disclosure.