Errata ALT-PU-2015-1234-2: Information
Fixes
Published: July 9, 2021
BDU:2023-01677
Уязвимость функции lsx_adpcm_init программы обработки звука SoX, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании
Severity: CRITICAL (9.1) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Links:
Published: Jan. 1, 2015
Modified: March 2, 2019
Modified: March 2, 2019
CVE-2014-8145
Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function.
Severity: HIGH (7.5)
Links:
- http://packetstormsecurity.com/files/129699/SoX-14.4.1-Heap-Buffer-Overflow.html
- http://www.ocert.org/advisories/ocert-2014-010.html
- 71774
- http://advisories.mageia.org/MGASA-2014-0561.html
- MDVSA-2015:015
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
- GLSA-201612-30
- DSA-3112
- [debian-lts-announce] 20190224 [SECURITY] [DLA 1687-1] sox security update
Published: May 2, 2022
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2021-3643
A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information.
Severity: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Links: