CVE-2021-3643
published 2022-05-02CVE-2021-3643: A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious…
critical9.1CVSS 3.1
AVNACLPRNUINSUCHINAH
A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | sox | < sox 14.4.2+git20190427-3.2 (bookworm) | sox 14.4.2+git20190427-3.2 (bookworm) |
| sound_exchange_project | sound_exchange | — | — |
CVSS provenance
nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
osv9.1CRITICAL