) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:sound_exchange_project:sound_exchange:12.17.8:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-34432 |
A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure. Published: July 10, 2023; 5:15:10 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
| CVE-2019-1010004 |
SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189. Published: July 14, 2019; 10:15:10 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2017-18189 |
In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service. Published: February 15, 2018; 5:29:00 AM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2014-8145 |
Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function. Published: December 31, 2014; 5:59:03 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |