OESA-2023-1931

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1931
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2023-1931.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2023-1931
Published
2023-12-15T11:06:30Z
Modified
2025-08-12T05:07:26.656960Z
Summary
sox security update
Details

SoX is a cross-platform (Windows, Linux, MacOS X, etc.) command line utility that can convert various formats of computer audio files into other formats. It can also apply various effects to these sound files, and, as an added bonus, SoX can play and record audio files on most platforms.

Security Fix(es):

A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsxreadwbuf() in formatsi.c file. The vulnerability is exploitable with a crafted file that could cause an application to crash. (CVE-2021-23159)

A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. The vulnerability is exploitable with a crafted hcomn file that could cause an application to crash. (CVE-2021-23172)

A floating point exception (divide-by-zero) issue was discovered in SoX in function read_samples() of voc.c file. An attacker with a crafted file could cause an application to crash. (CVE-2021-23210)

A floating point exception (divide-by-zero) issue was discovered in SoX in function startread() of wav.c file. An attacker with a crafted wav file could cause an application to crash. (CVE-2021-33844)

A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service. (CVE-2023-26590)

A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service. (CVE-2023-32627)

A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure. (CVE-2023-34318)

A heap buffer overflow vulnerability was found in sox, in the lsxreadbuf function at sox/src/formatsi.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure. (CVE-2023-34432)

Database specific
{
    "severity": "High"
}
Affected packages

openEuler:20.03-LTS-SP1 / sox

Package

Name
sox
Purl
pkg:rpm/openEuler/sox&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
14.4.2.0-29.oe1

Ecosystem specific

{
    "aarch64": [
        "sox-debugsource-14.4.2.0-29.oe1.aarch64.rpm",
        "sox-debuginfo-14.4.2.0-29.oe1.aarch64.rpm",
        "sox-devel-14.4.2.0-29.oe1.aarch64.rpm",
        "sox-14.4.2.0-29.oe1.aarch64.rpm"
    ],
    "x86_64": [
        "sox-debuginfo-14.4.2.0-29.oe1.x86_64.rpm",
        "sox-devel-14.4.2.0-29.oe1.x86_64.rpm",
        "sox-14.4.2.0-29.oe1.x86_64.rpm",
        "sox-debugsource-14.4.2.0-29.oe1.x86_64.rpm"
    ],
    "noarch": [
        "sox-help-14.4.2.0-29.oe1.noarch.rpm"
    ],
    "src": [
        "sox-14.4.2.0-29.oe1.src.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / sox

Package

Name
sox
Purl
pkg:rpm/openEuler/sox&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
14.4.2.0-29.oe1

Ecosystem specific

{
    "aarch64": [
        "sox-debugsource-14.4.2.0-29.oe1.aarch64.rpm",
        "sox-devel-14.4.2.0-29.oe1.aarch64.rpm",
        "sox-debuginfo-14.4.2.0-29.oe1.aarch64.rpm",
        "sox-14.4.2.0-29.oe1.aarch64.rpm"
    ],
    "x86_64": [
        "sox-debugsource-14.4.2.0-29.oe1.x86_64.rpm",
        "sox-debuginfo-14.4.2.0-29.oe1.x86_64.rpm",
        "sox-devel-14.4.2.0-29.oe1.x86_64.rpm",
        "sox-14.4.2.0-29.oe1.x86_64.rpm"
    ],
    "noarch": [
        "sox-help-14.4.2.0-29.oe1.noarch.rpm"
    ],
    "src": [
        "sox-14.4.2.0-29.oe1.src.rpm"
    ]
}

openEuler:22.03-LTS / sox

Package

Name
sox
Purl
pkg:rpm/openEuler/sox&distro=openEuler-22.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
14.4.2.0-29.oe2203sp2

Ecosystem specific

{
    "aarch64": [
        "sox-devel-14.4.2.0-29.oe2203.aarch64.rpm",
        "sox-14.4.2.0-29.oe2203.aarch64.rpm",
        "sox-debugsource-14.4.2.0-29.oe2203.aarch64.rpm",
        "sox-debuginfo-14.4.2.0-29.oe2203.aarch64.rpm",
        "sox-debuginfo-14.4.2.0-29.oe2203sp1.aarch64.rpm",
        "sox-14.4.2.0-29.oe2203sp1.aarch64.rpm",
        "sox-debugsource-14.4.2.0-29.oe2203sp1.aarch64.rpm",
        "sox-devel-14.4.2.0-29.oe2203sp1.aarch64.rpm",
        "sox-debuginfo-14.4.2.0-29.oe2203sp2.aarch64.rpm",
        "sox-14.4.2.0-29.oe2203sp2.aarch64.rpm",
        "sox-devel-14.4.2.0-29.oe2203sp2.aarch64.rpm",
        "sox-debugsource-14.4.2.0-29.oe2203sp2.aarch64.rpm"
    ],
    "x86_64": [
        "sox-devel-14.4.2.0-29.oe2203.x86_64.rpm",
        "sox-14.4.2.0-29.oe2203.x86_64.rpm",
        "sox-debugsource-14.4.2.0-29.oe2203.x86_64.rpm",
        "sox-debuginfo-14.4.2.0-29.oe2203.x86_64.rpm",
        "sox-debugsource-14.4.2.0-29.oe2203sp1.x86_64.rpm",
        "sox-devel-14.4.2.0-29.oe2203sp1.x86_64.rpm",
        "sox-debuginfo-14.4.2.0-29.oe2203sp1.x86_64.rpm",
        "sox-14.4.2.0-29.oe2203sp1.x86_64.rpm",
        "sox-devel-14.4.2.0-29.oe2203sp2.x86_64.rpm",
        "sox-debugsource-14.4.2.0-29.oe2203sp2.x86_64.rpm",
        "sox-14.4.2.0-29.oe2203sp2.x86_64.rpm",
        "sox-debuginfo-14.4.2.0-29.oe2203sp2.x86_64.rpm"
    ],
    "noarch": [
        "sox-help-14.4.2.0-29.oe2203.noarch.rpm",
        "sox-help-14.4.2.0-29.oe2203sp1.noarch.rpm",
        "sox-help-14.4.2.0-29.oe2203sp2.noarch.rpm"
    ],
    "src": [
        "sox-14.4.2.0-29.oe2203.src.rpm",
        "sox-14.4.2.0-29.oe2203sp1.src.rpm",
        "sox-14.4.2.0-29.oe2203sp2.src.rpm"
    ]
}

openEuler:22.03-LTS-SP1 / sox

Package

Name
sox
Purl
pkg:rpm/openEuler/sox&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
14.4.2.0-29.oe2203sp1

Ecosystem specific

{
    "aarch64": [
        "sox-debuginfo-14.4.2.0-29.oe2203sp1.aarch64.rpm",
        "sox-14.4.2.0-29.oe2203sp1.aarch64.rpm",
        "sox-debugsource-14.4.2.0-29.oe2203sp1.aarch64.rpm",
        "sox-devel-14.4.2.0-29.oe2203sp1.aarch64.rpm"
    ],
    "x86_64": [
        "sox-debugsource-14.4.2.0-29.oe2203sp1.x86_64.rpm",
        "sox-devel-14.4.2.0-29.oe2203sp1.x86_64.rpm",
        "sox-debuginfo-14.4.2.0-29.oe2203sp1.x86_64.rpm",
        "sox-14.4.2.0-29.oe2203sp1.x86_64.rpm"
    ],
    "noarch": [
        "sox-help-14.4.2.0-29.oe2203sp1.noarch.rpm"
    ],
    "src": [
        "sox-14.4.2.0-29.oe2203sp1.src.rpm"
    ]
}

openEuler:22.03-LTS-SP2 / sox

Package

Name
sox
Purl
pkg:rpm/openEuler/sox&distro=openEuler-22.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
14.4.2.0-29.oe2203sp2

Ecosystem specific

{
    "aarch64": [
        "sox-debuginfo-14.4.2.0-29.oe2203sp2.aarch64.rpm",
        "sox-14.4.2.0-29.oe2203sp2.aarch64.rpm",
        "sox-devel-14.4.2.0-29.oe2203sp2.aarch64.rpm",
        "sox-debugsource-14.4.2.0-29.oe2203sp2.aarch64.rpm"
    ],
    "x86_64": [
        "sox-devel-14.4.2.0-29.oe2203sp2.x86_64.rpm",
        "sox-debugsource-14.4.2.0-29.oe2203sp2.x86_64.rpm",
        "sox-14.4.2.0-29.oe2203sp2.x86_64.rpm",
        "sox-debuginfo-14.4.2.0-29.oe2203sp2.x86_64.rpm"
    ],
    "noarch": [
        "sox-help-14.4.2.0-29.oe2203sp2.noarch.rpm"
    ],
    "src": [
        "sox-14.4.2.0-29.oe2203sp2.src.rpm"
    ]
}