sox - Debian Package Tracker

6 security issues in stretch high

5 important issues:

CVE-2021-3643: A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information.
CVE-2021-23210:
CVE-2021-40426: A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-31650: In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a.
CVE-2022-31651: In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a.

1 ignored issue:

CVE-2019-13590: An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c.

Created: 2022-03-24 Last update: 2022-05-27 07:09

5 security issues in sid high

5 important issues:

CVE-2021-3643: A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information.
CVE-2021-23210:
CVE-2021-40426: A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-31650: In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a.
CVE-2022-31651: In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a.

Created: 2022-03-24 Last update: 2022-05-27 07:09

6 security issues in buster high

5 important issues:

CVE-2021-3643: A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information.
CVE-2021-23210:
CVE-2021-40426: A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-31650: In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a.
CVE-2022-31651: In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a.

1 ignored issue:

CVE-2019-13590: An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c.

Created: 2021-02-19 Last update: 2022-05-27 07:09

5 security issues in bullseye high

There are 5 open security issues in bullseye.

5 important issues:

CVE-2021-3643: A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information.
CVE-2021-23210:
CVE-2021-40426: A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-31650: In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a.
CVE-2022-31651: In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a.

Created: 2022-03-24 Last update: 2022-05-27 07:09

5 security issues in bookworm high

There are 5 open security issues in bookworm.

5 important issues:

CVE-2021-3643: A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information.
CVE-2021-23210:
CVE-2021-40426: A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-31650: In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a.
CVE-2022-31651: In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a.

Created: 2022-03-24 Last update: 2022-05-27 07:09

lintian reports 1 error high

Lintian reports 1 error about this package. You should make the package lintian clean getting rid of them.

Created: 2020-07-29 Last update: 2020-08-22 06:06

Depends on packages which need a new maintainer normal

The packages that sox depends on which need a new maintainer are:

Created: 2022-04-21 Last update: 2022-05-29 09:37

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2016-04-07 Last update: 2016-04-07 19:01

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.6.0).

Created: 2022-05-11 Last update: 2022-05-11 23:24