Vulnerabilities > Sound Exchange Project

DATE CVE VULNERABILITY TITLE RISK
2017-10-16 CVE-2017-15371 Reachable Assertion vulnerability in multiple products
There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2.
local
low complexity
sound-exchange-project debian CWE-617
5.5
2017-10-16 CVE-2017-15370 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2.
local
low complexity
sound-exchange-project debian CWE-119
5.5
2017-07-31 CVE-2017-11359 Divide By Zero vulnerability in multiple products
The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conversion to a wav file.
local
low complexity
sound-exchange-project debian CWE-369
5.5
2017-07-31 CVE-2017-11358 Out-of-bounds Read vulnerability in multiple products
The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file.
local
low complexity
sound-exchange-project debian CWE-125
5.5
2017-07-31 CVE-2017-11332 Divide By Zero vulnerability in multiple products
The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.
local
low complexity
sound-exchange-project debian CWE-369
5.5