DebianDEBIAN:DLA-128-1:6CFF5[SECURITY] [DLA 128-1] sox security update
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
86.3%
Package : sox
Version : 14.3.1-1+deb6u1
CVE ID : CVE-2014-8145
Debian Bug : 773720
Michele Spagnuolo of the Google Security Team dicovered two heap-based
buffer overflows in SoX, the Swiss Army knife of sound processing
programs. A specially crafted wav file could cause an application using
SoX to crash or, possibly, execute arbitrary code.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 8 | i386 | libsox-fmt-oss | < 14.4.1-5+deb8u1 | libsox-fmt-oss_14.4.1-5+deb8u1_i386.deb |
| Debian | 7 | kfreebsd-amd64 | libsox-fmt-ao | < 14.4.0-3+deb7u1 | libsox-fmt-ao_14.4.0-3+deb7u1_kfreebsd-amd64.deb |
| Debian | 9 | armel | libsox-fmt-alsa | < 14.4.1-5+deb9u1 | libsox-fmt-alsa_14.4.1-5+deb9u1_armel.deb |
| Debian | 6 | i386 | libsox-fmt-mp3 | < 14.3.1-1+deb6u1 | libsox-fmt-mp3_14.3.1-1+deb6u1_i386.deb |
| Debian | 9 | i386 | libsox-fmt-mp3-dbgsym | < 14.4.1-5+deb9u1 | libsox-fmt-mp3-dbgsym_14.4.1-5+deb9u1_i386.deb |
| Debian | 9 | ppc64el | libsox2 | < 14.4.1-5+deb9u1 | libsox2_14.4.1-5+deb9u1_ppc64el.deb |
| Debian | 9 | ppc64el | libsox-dev | < 14.4.1-5+deb9u1 | libsox-dev_14.4.1-5+deb9u1_ppc64el.deb |
| Debian | 9 | arm64 | libsox-fmt-ao | < 14.4.1-5+deb9u1 | libsox-fmt-ao_14.4.1-5+deb9u1_arm64.deb |
| Debian | 9 | amd64 | libsox-fmt-pulse | < 14.4.1-5+deb9u1 | libsox-fmt-pulse_14.4.1-5+deb9u1_amd64.deb |
| Debian | 9 | mips64el | sox-dbgsym | < 14.4.1-5+deb9u1 | sox-dbgsym_14.4.1-5+deb9u1_mips64el.deb |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
86.3%