FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

sox -- input sanitization errors

Affected packages
sox < 14.4.2

Details

VuXML ID: 92cda470-30cb-11e5-a4a5-002590263bf5
Discovery: 2014-11-20
Entry: 2015-07-23

oCERT reports:

The sox command line tool is affected by two heap-based buffer overflows, respectively located in functions start_read() and AdpcmReadBlock().

A specially crafted wav file can be used to trigger the vulnerabilities.

References

Bugtraq ID: 71774
CVE Name: CVE-2014-8145
URL: http://www.ocert.org/advisories/ocert-2014-010.html