FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  514783
Date:      2019-10-19
Time:      09:52:18Z
Committer: wen

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
3e4ffe76-e0d4-11d8-9b0a-000347a4fa7dSoX buffer overflows when handling .WAV files

Ulf Härnhammar discovered a pair of buffer overflows in the WAV file handling code of SoX. If an attacker can cause her victim to process a specially-crafted WAV file with SoX (e.g. through social engineering or through some other program that relies on SoX), arbitrary code can be executed with the privileges of the victim.


Discovery 2004-07-28
Entry 2004-08-26
sox
gt 12.17.1 le 12.17.4_1

CVE-2004-0557
http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0014.html
http://secunia.com/advisories/12175
http://www.osvdb.org/8267
92cda470-30cb-11e5-a4a5-002590263bf5sox -- input sanitization errors

oCERT reports:

The sox command line tool is affected by two heap-based buffer overflows, respectively located in functions start_read() and AdpcmReadBlock().

A specially crafted wav file can be used to trigger the vulnerabilities.


Discovery 2014-11-20
Entry 2015-07-23
sox
lt 14.4.2

71774
CVE-2014-8145
http://www.ocert.org/advisories/ocert-2014-010.html
9dd761ff-30cb-11e5-a4a5-002590263bf5sox -- memory corruption vulnerabilities

Michele Spagnuolo, Google Security Team, reports:

The write heap buffer overflows are related to ADPCM handling in WAV files, while the read heap buffer overflow is while opening a .VOC.


Discovery 2015-07-22
Entry 2015-07-23
sox
le 14.4.2

http://seclists.org/oss-sec/2015/q3/167