CVE-2023-34432

NameCVE-2023-34432
DescriptionA heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1041110

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
sox (PTS)bullseye (security), bullseye14.4.2+git20190427-2+deb11u2fixed
bookworm14.4.2+git20190427-3.5fixed
trixie14.4.2+git20190427-5fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
soxsourcebuster14.4.2+git20190427-1+deb10u1
soxsourcebullseye14.4.2+git20190427-2+deb11u1
soxsource(unstable)14.4.2+git20190427-3.21041110

Notes

https://bugzilla.redhat.com/show_bug.cgi?id=2212291
https://sourceforge.net/p/sox/bugs/367/
Same fix as for CVE-2021-23159
Search for package or bug name: Reporting problems