Sound Exchange Project: >> Sound Exchange >> 14.4.2 Security Vulnerabilities
There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-10-16
There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.
CVSS Score
5.5
EPSS Score
0.003
Published
2017-10-16
The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file.
CVSS Score
5.5
EPSS Score
0.017
Published
2017-07-31
The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conversion to a wav file.
CVSS Score
5.5
EPSS Score
0.016
Published
2017-07-31
The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.
CVSS Score
5.5
EPSS Score
0.016
Published
2017-07-31
Page 2