Sound Exchange Project Sound Exchange vulnerabilities

CVE-2017-15372 [MEDIUM] CWE-119 CVE-2017-15372: There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sou There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.

CVE-2017-15370 [MEDIUM] CWE-119 CVE-2017-15370: There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.

CVE-2017-15371 [MEDIUM] CWE-617 CVE-2017-15371: There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXch There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.

CVE-2017-11358 [MEDIUM] CWE-125 CVE-2017-11358: The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file.

CVE-2017-11359 [MEDIUM] CWE-369 CVE-2017-11359: The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conversion to a wav file.

CVE-2017-11332 [MEDIUM] CWE-369 CVE-2017-11332: The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a de The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.

CVE-2014-8145 [HIGH] CWE-119 CVE-2014-8145: Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attacke Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function.