CVE-2022-50798

Name: CVE-2022-50798

Description: SoX 14.4.2 contains a division by zero vulnerability when handling WAV files that can cause program crashes. Attackers can trigger a floating point exception by providing a specially crafted WAV file that causes arithmetic errors during sound file processing.

Source: CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| sox (PTS) | bullseye (security), bullseye | 14.4.2+git20190427-2+deb11u2 | vulnerable |
| | bookworm | 14.4.2+git20190427-3.5 | vulnerable |
| | forky, sid, trixie | 14.4.2+git20190427-5 | vulnerable |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| sox | source | (unstable) | (unfixed) | | | |

Notes

https://www.exploit-db.com/exploits/51034
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5712.php
