AVG-2100 log

Package sox
Status Vulnerable
Severity Medium
Type multiple issues
Affected 14.4.2-7
Fixed Unknown
Current 14.4.2-7 [community]
Ticket Create
Created Thu Jun 24 09:16:06 2021
Issue Severity Remote Type Description
CVE-2021-33844 Low No Denial of service
A vulnerability was found in SoX where a divide by  zero bug exists in wav.c:967, functon startread. With a crafted wav file, the application crashes.
CVE-2021-23210 Low No Denial of service
A vulnerability was found in SoX,  where a divide by zero exists in voc.c:334, functon read_samples.
CVE-2021-23172 Medium No Arbitrary code execution
A vulnerability was found in SoX, where a heap overflow was found in hcom.c:161, function startread. The vulnerability is exploitable with a crafted hcomn file.
CVE-2021-23159 Medium No Arbitrary code execution
A vulnerability was found in SoX, where a heap based overflow was found in  formats_i.c:376, function lsx_read_w_buf.