CVE-2021-40426
Description
A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.136
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| sox security update(DSA-5356-1) sox_14.4.2+git20190427-2+deb11u1_amd64.deb | Linux |
| Swiss army knife of sound processing (USN-5904-1) sox_14.4.2+git20190427-2+deb11u1build0.20.04.1_i386.deb | Linux |
| Swiss army knife of sound processing (USN-5904-1) sox_14.4.2+git20190427-2+deb11u1build0.20.04.1_amd64.deb | Linux |
| Swiss army knife of sound processing (USN-5904-1) sox_14.4.2+git20190427-2+deb11u1build0.22.04.1_i386.deb | Linux |
| Swiss army knife of sound processing (USN-5904-1) sox_14.4.2+git20190427-2+deb11u1build0.22.04.1_amd64.deb | Linux |
| Swiss army knife of sound processing (USN-5904-1) libsox3_14.4.2+git20190427-2+deb11u1build0.20.04.1_i386.deb | Linux |
| Swiss army knife of sound processing (USN-5904-1) libsox3_14.4.2+git20190427-2+deb11u1build0.20.04.1_amd64.deb | Linux |
| Swiss army knife of sound processing (USN-5904-1) libsox3_14.4.2+git20190427-2+deb11u1build0.22.04.1_i386.deb | Linux |
| Swiss army knife of sound processing (USN-5904-1) libsox3_14.4.2+git20190427-2+deb11u1build0.22.04.1_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234