Sound Exchange Project Sound Exchange — known CVE vulnerabilities
Every CVE whose affected-product data names Sound Exchange Project Sound Exchange, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (27)
CVE-2021-3643 — CVSS 9.1 (critical): A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker…
CVE-2021-40426 — CVSS 8.8 (high): A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master…
CVE-2023-34432 — CVSS 7.8 (high): A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a…
CVE-2023-34318 — CVSS 7.8 (high): A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial…
CVE-2014-8145 — CVSS 7.5 (high): Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a…
CVE-2017-18189 — CVSS 7.5 (high): In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite…
CVE-2023-32627 — CVSS 6.2 (medium): A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a…
CVE-2023-26590 — CVSS 6.2 (medium): A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead…
CVE-2017-11332 — CVSS 5.5 (medium): The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error…
CVE-2019-1010004 — CVSS 5.5 (medium): SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is…
CVE-2019-13590 — CVSS 5.5 (medium): An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer…
CVE-2019-8355 — CVSS 5.5 (medium): An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc…
CVE-2019-8356 — CVSS 5.5 (medium): An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access…
CVE-2019-8357 — CVSS 5.5 (medium): An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference.
CVE-2021-23159 — CVSS 5.5 (medium): A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability…
CVE-2021-23172 — CVSS 5.5 (medium): A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. The vulnerability is…
CVE-2021-23210 — CVSS 5.5 (medium): A floating point exception (divide-by-zero) issue was discovered in SoX in functon read_samples() of voc.c file. An attacker with a crafted…
CVE-2021-33844 — CVSS 5.5 (medium): A floating point exception (divide-by-zero) issue was discovered in SoX in functon startread() of wav.c file. An attacker with a crafted…
CVE-2017-15370 — CVSS 5.5 (medium): There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a…
CVE-2017-11359 — CVSS 5.5 (medium): The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error…
CVE-2017-15371 — CVSS 5.5 (medium): There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will…
CVE-2017-15642 — CVSS 5.5 (medium): In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed…
CVE-2017-15372 — CVSS 5.5 (medium): There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A Crafted…
CVE-2017-11358 — CVSS 5.5 (medium): The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory…
CVE-2019-8354 — CVSS 5.0 (medium): An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into…