Skip to main content

Sound Exchange

20 CVEs product

Monthly

CVE-2023-34432 HIGH POC This Week

A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow RCE Information Disclosure +4
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-34318 HIGH This Week

A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow RCE Information Disclosure +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-32627 MEDIUM This Month

A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Sound Exchange Extra Packages For Enterprise Linux Fedora Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-26590 MEDIUM This Month

A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Sound Exchange Extra Packages For Enterprise Linux Fedora Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-31651 MEDIUM POC This Month

In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Sound Exchange
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-31650 MEDIUM POC This Month

In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sound Exchange
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2019-1010004 MEDIUM POC This Month

SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Microsoft Information Disclosure Sound Exchange
NVD
CVSS 3.0
5.5
EPSS
1.3%
CVE-2019-13590 MEDIUM POC This Month

An issue was discovered in libsox.a in SoX 14.4.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Integer Overflow Sound Exchange
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2019-8357 MEDIUM This Month

An issue was discovered in SoX 14.4.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Sound Exchange
NVD
CVSS 3.0
5.5
EPSS
1.6%
CVE-2019-8356 MEDIUM POC This Month

An issue was discovered in SoX 14.4.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Sound Exchange
NVD
CVSS 3.0
5.5
EPSS
1.8%
CVE-2019-8355 MEDIUM This Month

An issue was discovered in SoX 14.4.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Sound Exchange
NVD
CVSS 3.0
5.5
EPSS
1.7%
CVE-2019-8354 MEDIUM This Month

An issue was discovered in SoX 14.4.2. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Sound Exchange Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.0
EPSS
1.6%
CVE-2017-15642 MEDIUM This Month

In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Microsoft Use After Free Information Disclosure Sound Exchange +1
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2017-15372 MEDIUM POC This Month

There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft Sound Exchange Debian Linux
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2017-15371 MEDIUM POC This Month

There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft Sound Exchange Debian Linux
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-15370 MEDIUM POC This Month

There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft Sound Exchange Debian Linux
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-11359 MEDIUM POC This Month

The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft Sound Exchange Debian Linux
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
5.2%
CVE-2017-11358 MEDIUM POC This Month

The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft Information Disclosure Sound Exchange +1
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
5.8%
CVE-2017-11332 MEDIUM POC This Month

The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft Sound Exchange Debian Linux
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
2.6%
CVE-2014-8145 HIGH POC THREAT Act Now

Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

Buffer Overflow Microsoft Sound Exchange Debian Linux Solaris
NVD
CVSS 2.0
7.5
EPSS
13.0%
EPSS 0% CVSS 7.8
HIGH POC This Week

A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow +6
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow +6
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Sound Exchange Extra Packages For Enterprise Linux +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Sound Exchange Extra Packages For Enterprise Linux +2
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Sound Exchange
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sound Exchange
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Microsoft +2
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

An issue was discovered in libsox.a in SoX 14.4.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Integer Overflow Sound Exchange
NVD
EPSS 2% CVSS 5.5
MEDIUM This Month

An issue was discovered in SoX 14.4.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Sound Exchange
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

An issue was discovered in SoX 14.4.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Sound Exchange
NVD
EPSS 2% CVSS 5.5
MEDIUM This Month

An issue was discovered in SoX 14.4.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Sound Exchange
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

An issue was discovered in SoX 14.4.2. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Sound Exchange +2
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Microsoft Use After Free +3
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft +2
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft Sound Exchange +1
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft +2
NVD
EPSS 5% CVSS 5.5
MEDIUM POC This Month

The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft Sound Exchange +1
NVD Exploit-DB
EPSS 6% CVSS 5.5
MEDIUM POC This Month

The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft +3
NVD Exploit-DB
EPSS 3% CVSS 5.5
MEDIUM POC This Month

The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft Sound Exchange +1
NVD Exploit-DB
EPSS 13% CVSS 7.5
HIGH POC THREAT Act Now

Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

Buffer Overflow Microsoft Sound Exchange +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy