Vulnerabilities > Sound Exchange Project

DATE CVE VULNERABILITY TITLE RISK
2023-07-10 CVE-2023-34432 Out-of-bounds Write vulnerability in multiple products
A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16.
7.8
2019-07-15 CVE-2019-1010004 Out-of-bounds Read vulnerability in Sound Exchange Project Sound Exchange
SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read.
local
low complexity
sound-exchange-project CWE-125
5.5
2019-07-14 CVE-2019-13590 NULL Pointer Dereference vulnerability in Sound Exchange Project Sound Exchange 14.4.2
An issue was discovered in libsox.a in SoX 14.4.2.
local
low complexity
sound-exchange-project CWE-476
5.5
2019-02-15 CVE-2019-8357 NULL Pointer Dereference vulnerability in Sound Exchange Project Sound Exchange 14.4.2
An issue was discovered in SoX 14.4.2.
local
low complexity
sound-exchange-project CWE-476
5.5
2019-02-15 CVE-2019-8356 Improper Validation of Array Index vulnerability in Sound Exchange Project Sound Exchange 14.4.2
An issue was discovered in SoX 14.4.2.
local
low complexity
sound-exchange-project CWE-129
5.5
2019-02-15 CVE-2019-8355 Integer Overflow or Wraparound vulnerability in Sound Exchange Project Sound Exchange 14.4.2
An issue was discovered in SoX 14.4.2.
local
low complexity
sound-exchange-project CWE-190
5.5
2019-02-15 CVE-2019-8354 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in SoX 14.4.2.
5.0
2018-02-15 CVE-2017-18189 NULL Pointer Dereference vulnerability in multiple products
In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service.
network
low complexity
sound-exchange-project debian CWE-476
7.5
2017-10-19 CVE-2017-15642 Use After Free vulnerability in multiple products
In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.
local
low complexity
sound-exchange-project debian CWE-416
5.5
2017-10-16 CVE-2017-15372 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2.
local
low complexity
sound-exchange-project debian CWE-119
5.5