FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

sox -- input sanitization errors

Affected packages
sox < 14.4.2


VuXML ID: 92cda470-30cb-11e5-a4a5-002590263bf5
Discovery: 2014-11-20
Entry: 2015-07-23

oCERT reports:

The sox command line tool is affected by two heap-based buffer overflows, respectively located in functions start_read() and AdpcmReadBlock().

A specially crafted wav file can be used to trigger the vulnerabilities.


Bugtraq ID: 71774
CVE Name: CVE-2014-8145