|Description||Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)|
|References||DLA-128-1, DLA-1687-1, DSA-3112-1|
Vulnerable and fixed packages
The table below lists information on source packages.
The information below is based on the following data on fixed versions.
The two needed patches were added in 14.4.1-5 but not to the series file
so the patches got not applied during build.