Soundexchangeproject Sound Exchange
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Soundexchangeproject Sound Exchange.
By the Year
In 2025 there have been 0 vulnerabilities in Soundexchangeproject Sound Exchange. Sound Exchange did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 4 | 6.65 |
| 2022 | 8 | 6.36 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 6 | 5.42 |
| 2018 | 1 | 7.50 |
It may take a day or so for new Sound Exchange vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Soundexchangeproject Sound Exchange Security Vulnerabilities
A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16
CVE-2023-34432
7.8 - High
- July 10, 2023
A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.
Memory Corruption
A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58
CVE-2023-26590
5.5 - Medium
- July 10, 2023
A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service.
Incorrect Comparison
A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18
CVE-2023-32627
5.5 - Medium
- July 10, 2023
A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service.
Incorrect Comparison
A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41
CVE-2023-34318
7.8 - High
- July 10, 2023
A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure.
Memory Corruption
A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file
CVE-2021-23159
5.5 - Medium
- August 25, 2022
A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file, that could cause an application to crash.
Classic Buffer Overflow
A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file
CVE-2021-23172
5.5 - Medium
- August 25, 2022
A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. The vulnerability is exploitable with a crafted hcomn file, that could cause an application to crash.
Classic Buffer Overflow
A floating point exception (divide-by-zero) issue was discovered in SoX in functon read_samples() of voc.c file
CVE-2021-23210
5.5 - Medium
- August 25, 2022
A floating point exception (divide-by-zero) issue was discovered in SoX in functon read_samples() of voc.c file. An attacker with a crafted file, could cause an application to crash.
Divide By Zero
A floating point exception (divide-by-zero) issue was discovered in SoX in functon startread() of wav.c file
CVE-2021-33844
5.5 - Medium
- August 25, 2022
A floating point exception (divide-by-zero) issue was discovered in SoX in functon startread() of wav.c file. An attacker with a crafted wav file, could cause an application to crash.
Divide By Zero
In SoX 14.4.2
CVE-2022-31650
5.5 - Medium
- May 25, 2022
In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a.
Incorrect Comparison
In SoX 14.4.2
CVE-2022-31651
5.5 - Medium
- May 25, 2022
In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a.
assertion failure
A flaw was found in sox 14.4.1
CVE-2021-3643
9.1 - Critical
- May 02, 2022
A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information.
Out-of-bounds Read
A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e
CVE-2021-40426
8.8 - High
- April 14, 2022
A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Heap-based Buffer Overflow
SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read
CVE-2019-1010004
5.5 - Medium
- July 15, 2019
SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189.
Out-of-bounds Read
An issue was discovered in libsox.a in SoX 14.4.2
CVE-2019-13590
5.5 - Medium
- July 14, 2019
An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c.
Integer Overflow or Wraparound
An issue was discovered in SoX 14.4.2
CVE-2019-8357
5.5 - Medium
- February 15, 2019
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference.
NULL Pointer Dereference
An issue was discovered in SoX 14.4.2
CVE-2019-8356
5.5 - Medium
- February 15, 2019
An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow.
Memory Corruption
An issue was discovered in SoX 14.4.2
CVE-2019-8355
5.5 - Medium
- February 15, 2019
An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c.
Memory Corruption
An issue was discovered in SoX 14.4.2
CVE-2019-8354
5 - Medium
- February 15, 2019
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow.
Memory Corruption
In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may
CVE-2017-18189
7.5 - High
- February 15, 2018
In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service.
NULL Pointer Dereference
In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2
CVE-2017-15642
5.5 - Medium
- October 19, 2017
In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.
Dangling pointer
There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2
CVE-2017-15370
5.5 - Medium
- October 16, 2017
There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.
Buffer Overflow
There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2
CVE-2017-15371
5.5 - Medium
- October 16, 2017
There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.
assertion failure
There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2
CVE-2017-15372
5.5 - Medium
- October 16, 2017
There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.
Buffer Overflow
The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2
CVE-2017-11358
5.5 - Medium
- July 31, 2017
The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file.
Out-of-bounds Read
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Debian Linux or by Soundexchangeproject? Click the Watch button to subscribe.
