Buffer overflow in SoX - CVE-2014-8145
Published: January 1, 2015 / Updated: March 22, 2023
Vulnerability identifier: #VU32454
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2014-8145
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: sox.sourceforge.net
Affected software:
SoX
SoX
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function.
How to mitigate CVE-2014-8145
Install update from vendor's website.
Sources
- http://advisories.mageia.org/MGASA-2014-0561.html
- http://packetstormsecurity.com/files/129699/SoX-14.4.1-Heap-Buffer-Overflow.html
- http://www.debian.org/security/2014/dsa-3112
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:015
- http://www.ocert.org/advisories/ocert-2014-010.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
- http://www.securityfocus.com/bid/71774
- https://lists.debian.org/debian-lts-announce/2019/02/msg00034.html
- https://security.gentoo.org/glsa/201612-30