FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
3e4ffe76-e0d4-11d8-9b0a-000347a4fa7dSoX buffer overflows when handling .WAV files

Ulf Härnhammar discovered a pair of buffer overflows in the WAV file handling code of SoX. If an attacker can cause her victim to process a specially-crafted WAV file with SoX (e.g. through social engineering or through some other program that relies on SoX), arbitrary code can be executed with the privileges of the victim.

Discovery 2004-07-28
Entry 2004-08-26
gt 12.17.1 le 12.17.4_1

92cda470-30cb-11e5-a4a5-002590263bf5sox -- input sanitization errors

oCERT reports:

The sox command line tool is affected by two heap-based buffer overflows, respectively located in functions start_read() and AdpcmReadBlock().

A specially crafted wav file can be used to trigger the vulnerabilities.

Discovery 2014-11-20
Entry 2015-07-23
lt 14.4.2

9dd761ff-30cb-11e5-a4a5-002590263bf5sox -- memory corruption vulnerabilities

Michele Spagnuolo, Google Security Team, reports:

The write heap buffer overflows are related to ADPCM handling in WAV files, while the read heap buffer overflow is while opening a .VOC.

Discovery 2015-07-22
Entry 2015-07-23
le 14.4.2