FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

sox -- memory corruption vulnerabilities

Affected packages
sox <= 14.4.2

Details

VuXML ID 9dd761ff-30cb-11e5-a4a5-002590263bf5
Discovery 2015-07-22
Entry 2015-07-23

Michele Spagnuolo, Google Security Team, reports:

The write heap buffer overflows are related to ADPCM handling in WAV files, while the read heap buffer overflow is while opening a .VOC.

References

URL http://seclists.org/oss-sec/2015/q3/167