|Description||Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function.|
|Source||CVE (at NVD)|
|References||DLA-128-1, DLA-1687-1, DSA-3112-1|
Vulnerable and fixed packages
The table below lists information on source packages.
|bullseye, sid, buster||14.4.2+git20190427-1||fixed|
The information below is based on the following data on fixed versions.
The two needed patches were added in 14.4.1-5 but not to the series file, so the patches were not applied during the build.