Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 12 SP3 package sox, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (8)
CVE-2017-18189 — CVSS 7.5 (high): In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite…
CVE-2017-11358 — CVSS 5.5 (medium): The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory…
CVE-2017-11359 — CVSS 5.5 (medium): The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error…
CVE-2017-15370 — CVSS 5.5 (medium): There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a…
CVE-2017-11332 — CVSS 5.5 (medium): The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error…
CVE-2017-15372 — CVSS 5.5 (medium): There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A Crafted…
CVE-2017-15642 — CVSS 5.5 (medium): In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed…
CVE-2017-15371 — CVSS 5.5 (medium): There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will…