Home

CVE-2021-3643

Description

A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information.

Risk Information

Base Score
9.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS Score
Exploitation Probability
0.079

Associated Vulnerability

VulnerabilityOS Platform
sox security update(DSA-5356-1) sox_14.4.2+git20190427-2+deb11u1_amd64.debLinux
Swiss army knife of sound processing (USN-5904-1) sox_14.4.2+git20190427-2+deb11u1build0.20.04.1_i386.debLinux
Swiss army knife of sound processing (USN-5904-1) sox_14.4.2+git20190427-2+deb11u1build0.20.04.1_amd64.debLinux
Swiss army knife of sound processing (USN-5904-1) sox_14.4.2+git20190427-2+deb11u1build0.22.04.1_i386.debLinux
Swiss army knife of sound processing (USN-5904-1) sox_14.4.2+git20190427-2+deb11u1build0.22.04.1_amd64.debLinux
Swiss army knife of sound processing (USN-5904-1) libsox3_14.4.2+git20190427-2+deb11u1build0.20.04.1_i386.debLinux
Swiss army knife of sound processing (USN-5904-1) libsox3_14.4.2+git20190427-2+deb11u1build0.20.04.1_amd64.debLinux
Swiss army knife of sound processing (USN-5904-1) libsox3_14.4.2+git20190427-2+deb11u1build0.22.04.1_i386.debLinux
Swiss army knife of sound processing (USN-5904-1) libsox3_14.4.2+git20190427-2+deb11u1build0.22.04.1_amd64.debLinux
sox Security Update (ALAS-2023-2231) sox-14.4.1-7.amzn2.0.2.i686.rpmLinux
sox Security Update (ALAS-2023-2231) sox-14.4.1-7.amzn2.0.2.x86_64.rpmLinux
sox Security Update (ALAS-2023-2231) sox-devel-14.4.1-7.amzn2.0.2.x86_64.rpmLinux
sox Security Update (ALAS2-2023-2231) sox-14.4.1-7.amzn2.0.2.x86_64.rpmLinux
sox Security Update (ALAS2-2023-2231) sox-14.4.1-7.amzn2.0.2.i686.rpmLinux
sox Security Update (ALAS2-2023-2231) sox-devel-14.4.1-7.amzn2.0.2.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234