There are 5 open security issues in bullseye.
1 important issue:
- CVE-2021-40426:
A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially crafted file supplied by an attacker can trigger a heap buffer overflow when it is read.
4 issues left for the package maintainer to handle:
- CVE-2021-3643:
(needs triaging)
A flaw was found in sox 14.4.1: the lsx_adpcm_init function in libsox can overrun a global buffer (global-buffer-overflow). An attacker who supplies a malicious file can use this to disclose sensitive information.
- CVE-2021-23210:
(needs triaging)
- CVE-2022-31650:
(needs triaging)
In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a.
- CVE-2022-31651:
(needs triaging)
In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a.
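As a compensating control while the issues above remain open, here is an added shell example (not from the Debian tracker, the security team's documentation, or the sox project) that gates sox invocations on untrusted input. It assumes `sox` and coreutils `timeout` are on PATH. It refuses NIST SPHERE input (the format read by sphere.c, where CVE-2021-40426 sits; the header magic is "NIST_1A"), refuses AIFF output (written by lsx_aiffstartwrite, CVE-2022-31650), and runs the real binary under a wall-clock and address-space limit so that the assertion failure (CVE-2022-31651) or floating-point exception hit by a crafted file terminates only that conversion. The function and file names are this example's own.

```shell
#!/bin/sh
# Added example, not code from the Debian tracker or the sox project.
# Assumptions: "sox" is on PATH; coreutils "timeout" is available.

# sphere_magic FILE -> 0 if FILE starts with the SPHERE header "NIST_1A"
# (the format handled by libsox's sphere.c, see CVE-2021-40426)
sphere_magic() {
    [ "$(head -c 7 "$1" 2>/dev/null)" = "NIST_1A" ]
}

# aiff_target NAME -> 0 if NAME's extension would select the AIFF writer
# (lsx_aiffstartwrite in aiff.c, see CVE-2022-31650)
aiff_target() {
    case "$1" in
        *.aiff|*.aif|*.AIFF|*.AIF) return 0 ;;
        *) return 1 ;;
    esac
}

# check_sox_args IN OUT -> 0 if the conversion is allowed, 1 otherwise.
# The reason for a refusal goes to stderr so a caller can log it.
check_sox_args() {
    in=$1; out=$2
    if [ ! -f "$in" ]; then
        echo "refused: input is not a regular file: $in" >&2
        return 1
    fi
    if sphere_magic "$in"; then
        echo "refused: SPHERE input blocked while CVE-2021-40426 is open" >&2
        return 1
    fi
    if aiff_target "$out"; then
        echo "refused: AIFF output blocked while CVE-2022-31650 is open" >&2
        return 1
    fi
    return 0
}

# sox_guarded IN OUT [sox options...]
# Runs sox only after the checks pass, in a subshell with a 512 MiB
# address-space cap and a 30 s wall-clock limit: a crafted file that trips
# an assert(), a floating-point exception or a runaway allocation then
# fails fast instead of taking down the host.
sox_guarded() {
    in=$1; out=$2; shift 2
    check_sox_args "$in" "$out" || return 1
    ( ulimit -v 524288; timeout 30 sox "$in" "$out" "$@" )
}
```

The gate is deliberately narrow: it inspects only the input magic and the output extension. sox's `-t` option can select a format handler regardless of extension, and any pass-through options are not examined, so treat this as a guard for the common invocation shape on an unpatched host, not as a substitute for the updated package.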
You can find information about how to handle these issues in the security team's documentation.