RSS   Podatności dla 'Sound exchange'   RSS

2019-07-14
 
CVE-2019-1010004

CWE-125
 

 
SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189.

 
 
CVE-2019-13590

CWE-190
 

 
An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c.

 
2019-02-15
 
CVE-2019-8357

CWE-476
 

 
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference.

 
2018-02-15
 
CVE-2017-18189

CWE-476
 

 
In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service.

 
2017-10-19
 
CVE-2017-15642

CWE-416
 

 
In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.

 
2017-10-16
 
CVE-2017-15372

CWE-119
 

 
There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.

 
 
CVE-2017-15371

CWE-617
 

 
There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.

 
 
CVE-2017-15370

CWE-119
 

 
There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.

 

 >>> Vendor: Soundexchange 2 Produkty
Soundexchange
Sound exchange


Copyright 2022, cxsecurity.com

 

Back to Top