Sound eXchange Project Sound eXchange 12.17.6

CPE Details

Sound eXchange Project Sound eXchange 12.17.6
sound_exchange_project
sound_exchange
12.17.6
2019-07-29
11h29 +00:00
2019-07-29
11h29 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:sound_exchange_project:sound_exchange:12.17.6:*:*:*:*:*:*:*

Informations

Vendor

sound_exchange_project

Product

sound_exchange

Version

12.17.6

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-34432 2023-07-10 20h05 +00:00 A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.
7.8
High
CVE-2019-1010004 2019-07-14 23h44 +00:00 SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189.
5.5
Medium
CVE-2017-18189 2018-02-15 09h00 +00:00 In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service.
7.5
High
CVE-2014-8145 2014-12-31 21h00 +00:00 Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function.
7.5
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.