CVE-2014-8145 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Exchange Project Sound Exchange

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources

Severity

7.5HIGHNVD

EPSS

13.0%

top 5.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sound Exchange Project Sound Exchange Debian Linux Oracle Solaris

Timeline

PublishedDec 31

Latest updateMay 14

Description

Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDsound_exchange_project/sound_exchange14.4.1

▶NVDoracle/solaris11.2

Also affects: Debian Linux 7.0, 8.0

🔴Vulnerability Details

GHSA

GHSA-qf7x-vm2m-qc7x: Multiple heap-based buffer overflows in Sound eXchange (SoX) 14↗2022-05-14

▶

OSV

CVE-2014-8145: Multiple heap-based buffer overflows in Sound eXchange (SoX) 14↗2014-12-31

▶

CVEList

CVE-2014-8145: Multiple heap-based buffer overflows in Sound eXchange (SoX) 14↗2014-12-31

▶

📋Vendor Advisories

Red Hat

sox: two heap out-of-bounds access issues (oCERT-2014-010)↗2014-12-22

▶

Debian

CVE-2014-8145: sox - Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier ...↗2014

▶

💬Community

Bugzilla

CVE-2014-8145 sox: two heap out-of-bounds access issues (oCERT-2014-010) [fedora-all]↗2015-01-20

▶

Bugzilla

CVE-2014-8145 sox: two heap out-of-bounds access issues (oCERT-2014-010)↗2014-12-16

▶