CVE-2021-3643
EUVD-2021-2694202.05.2022, 19:15
A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| sound_exchange_project | sound_exchange | 14.4.1 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| sox |
|
Common Weakness Enumeration
- CWE-125 - Out-of-bounds ReadThe software reads data past the end, or before the beginning, of the intended buffer.
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.