Vulnerabilities > Sound Exchange Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-16 | CVE-2017-15371 | Reachable Assertion vulnerability in multiple products There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. | 4.3 |
| 2017-10-16 | CVE-2017-15370 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. | 4.3 |
| 2017-07-31 | CVE-2017-11359 | Divide By Zero vulnerability in multiple products The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conversion to a wav file. | 4.3 |
| 2017-07-31 | CVE-2017-11358 | Out-of-bounds Read vulnerability in multiple products The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file. | 5.5 |
| 2017-07-31 | CVE-2017-11332 | Divide By Zero vulnerability in multiple products The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file. | 4.3 |
| 2014-12-31 | CVE-2014-8145 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function. | 7.5 |