UbuntuUpdates.org

Package "sox"

Name: sox

Description:

Swiss army knife of sound processing

Latest version: 14.4.2-3ubuntu0.18.04.3
Release: bionic (18.04)
Level: security
Repository: universe
Homepage: https://sox.sourceforge.io/

Other versions of "sox" in Bionic

Repository  Area      Version
base        universe  14.4.2-3
updates     universe  14.4.2-3ubuntu0.18.04.3



Changelog

Version: 14.4.2-3ubuntu0.18.04.3 2023-03-20 18:06:55 UTC

  sox (14.4.2-3ubuntu0.18.04.3) bionic-security; urgency=medium

  * SECURITY REGRESSION: Denial of Service
    - debian/patches/CVE-2021-33844.patch: fixed regression in wav-gsm
      decoding introduced via fixing CVE-2021-33844.
    - CVE-2021-33844

 -- Amir Naseredini <email address hidden> Fri, 17 Mar 2023 16:56:11 +0000

CVE-2021-33844 A floating point exception (divide-by-zero) issue was discovered in SoX in function startread() of wav.c file. An attacker with a crafted wav file, co

Version: 14.4.2-3ubuntu0.18.04.2 2023-03-02 16:07:00 UTC

  sox (14.4.2-3ubuntu0.18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2019-13590.patch: fixed a possible buffer overflow
      in startread function.
    - debian/patches/CVE-2021-23159.patch: fixed a possible buffer overflow
      in lsx_read_w_buf function (CVE-2021-23159) and in startread function
      (CVE-2021-23172)
    - debian/patches/CVE-2021-33844.patch: fixed a possible division by zero
      in startread function
    - debian/patches/CVE-2021-3643.patch: fixed a possible buffer overflow
      (CVE-2021-3643) and a possible division by zero (CVE-2021-23210) in
      voc component
    - debian/patches/CVE-2021-40426.patch: fixed a possible buffer overflow
      in start_read function
    - debian/patches/CVE-2022-31650.patch: fixed a possible floating-point
      exception in lsx_aiffstartwrite function
    - debian/patches/CVE-2022-31651.patch: fixed a possible assertion failure
      in rate_init function
    - debian/patches/fix-hcom-big-endian.patch: fixed a possible assertion
      failure in hcom component
    - debian/patches/fix-resource-leak-comments.patch: fixed a possible
      unexpected behaviour on input parsing failure in formats component
    - debian/patches/fix-resource-leak-hcom.patch: fixed a possible
      unexpected behaviour on failure in hcom component
    - CVE-2019-13590
    - CVE-2021-23159
    - CVE-2021-23172
    - CVE-2021-33844
    - CVE-2021-3643
    - CVE-2021-23210
    - CVE-2021-40426
    - CVE-2022-31650
    - CVE-2022-31651
  * SECURITY UPDATE: Regression
    - debian/patches/CVE-2017-11358-revised.patch: fixed a regression caused
      by another patch.
    - CVE-2017-11358

 -- Amir Naseredini <email address hidden> Wed, 01 Mar 2023 10:21:11 +0000

CVE-2019-13590 An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition
CVE-2021-23159 A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploita
CVE-2021-23172 A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. The vulnerability is exploitable with a
CVE-2021-33844 A floating point exception (divide-by-zero) issue was discovered in SoX in function startread() of wav.c file. An attacker with a crafted wav file, co
CVE-2021-3643 A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a
CVE-2021-23210 A floating point exception (divide-by-zero) issue was discovered in SoX in function read_samples() of voc.c file. An attacker with a crafted file, cou
CVE-2021-40426 A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b355
CVE-2022-31650 In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a.
CVE-2022-31651 In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a.
CVE-2017-11358 The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and appl

Version: 14.4.2-3ubuntu0.18.04.1 2019-08-02 01:08:30 UTC

  sox (14.4.2-3ubuntu0.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Integer overflow on the result of multiplication fed into
    malloc.
    - debian/patches/CVE-2019-8354.patch: fix possible buffer size overflow in
      lsx_make_lpf()
    - CVE-2019-8354
  * SECURITY UPDATE: Integer overflow on the result of multiplication fed into
    lsx_valloc macro that wraps malloc.
    - debian/patches/CVE-2019-8355.patch: fix possible overflow in
      lsx_(re)valloc() size calculation
    - CVE-2019-8355
  * SECURITY UPDATE: Stack-based buffer overflow can lead to write access
    outside of the statically declared array.
    - debian/patches/CVE-2019-8356.patch: fft4g bail if size too large.
    - CVE-2019-8356
  * SECURITY UPDATE: NULL pointer dereference in lsx_make_lpf.
    - debian/patches/CVE-2019-8357.patch: fix possible null pointer deref in
      lsx_make_lpf()
    - CVE-2019-8357

 -- Eduardo Barretto <email address hidden> Thu, 01 Aug 2019 12:27:09 -0300

CVE-2019-8354 An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When t
CVE-2019-8355 An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that
CVE-2019-8356 An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the
CVE-2019-8357 An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference.
