Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

11 – 20 of 28 results


CVE-2021-3643

Medium priority

Some fixes available 6 of 11

A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information.

1 affected packages

sox

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sox Needs evaluation Fixed Fixed Fixed Fixed
Show less packages

CVE-2021-40426

Medium priority

Some fixes available 6 of 11

A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can...

1 affected packages

sox

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sox Needs evaluation Fixed Fixed Fixed Fixed
Show less packages

CVE-2019-1010004

Medium priority
Not affected

SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file....

1 affected packages

sox

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sox Not affected Not affected
Show less packages

CVE-2019-13590

Medium priority

Some fixes available 3 of 6

An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL...

1 affected packages

sox

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sox Not affected Not affected Fixed Fixed
Show less packages

CVE-2019-8357

Medium priority

Some fixes available 10 of 11

An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference.

1 affected packages

sox

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sox Fixed Fixed Fixed Fixed
Show less packages

CVE-2019-8356

Medium priority

Some fixes available 10 of 11

An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow.

1 affected packages

sox

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sox Fixed Fixed Fixed Fixed
Show less packages

CVE-2019-8355

Medium priority

Some fixes available 10 of 11

An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading...

1 affected packages

sox

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sox Fixed Fixed Fixed Fixed
Show less packages

CVE-2019-8354

Medium priority

Some fixes available 10 of 11

An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based...

1 affected packages

sox

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sox Fixed Fixed Fixed Fixed
Show less packages

CVE-2017-18189

Medium priority

Some fixes available 2 of 3

In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a...

1 affected packages

sox

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sox Not affected Fixed
Show less packages

CVE-2017-15642

Medium priority

Some fixes available 2 of 4

In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.

1 affected packages

sox

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sox Not affected Fixed
Show less packages