FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
92cda470-30cb-11e5-a4a5-002590263bf5sox -- input sanitization errors

oCERT reports:

The sox command line tool is affected by two heap-based buffer overflows, respectively located in functions start_read() and AdpcmReadBlock().

A specially crafted wav file can be used to trigger the vulnerabilities.


Discovery 2014-11-20
Entry 2015-07-23
sox
< 14.4.2

71774
CVE-2014-8145
http://www.ocert.org/advisories/ocert-2014-010.html
9dd761ff-30cb-11e5-a4a5-002590263bf5sox -- memory corruption vulnerabilities

Michele Spagnuolo, Google Security Team, reports:

The write heap buffer overflows are related to ADPCM handling in WAV files, while the read heap buffer overflow is while opening a .VOC.


Discovery 2015-07-22
Entry 2015-07-23
sox
le 14.4.2

http://seclists.org/oss-sec/2015/q3/167