CVE-2017-15371
- EPSS 0.32%
- Published 16.10.2017 04:29:00
- Last modified 20.04.2025 01:37:25
There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.
CVE-2017-15370
- EPSS 0.3%
- Published 16.10.2017 04:29:00
- Last modified 20.04.2025 01:37:25
There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.
CVE-2017-11359
- EPSS 3.3%
- Published 31.07.2017 13:29:01
- Last modified 20.04.2025 01:37:25
The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conversion to a wav file.
CVE-2017-11358
- EPSS 4.07%
- Published 31.07.2017 13:29:01
- Last modified 20.04.2025 01:37:25
The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file.
CVE-2017-11332
- EPSS 3.3%
- Published 31.07.2017 13:29:00
- Last modified 20.04.2025 01:37:25
The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.
CVE-2014-8145
- EPSS 13%
- Published 31.12.2014 22:59:03
- Last modified 12.04.2025 10:46:40
Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function.