FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-31 16:42:47 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
9dd761ff-30cb-11e5-a4a5-002590263bf5	sox -- memory corruption vulnerabilities Michele Spagnuolo, Google Security Team, reports: The write heap buffer overflows are related to ADPCM handling in WAV files, while the read heap buffer overflow is while opening a .VOC. Discovery 2015-07-22 Entry 2015-07-23 sox <= 14.4.2 http://seclists.org/oss-sec/2015/q3/167
92cda470-30cb-11e5-a4a5-002590263bf5	sox -- input sanitization errors oCERT reports: The sox command line tool is affected by two heap-based buffer overflows, respectively located in functions start_read() and AdpcmReadBlock(). A specially crafted wav file can be used to trigger the vulnerabilities. Discovery 2014-11-20 Entry 2015-07-23 sox < 14.4.2 71774 CVE-2014-8145 http://www.ocert.org/advisories/ocert-2014-010.html

VuXML ID

Description

9dd761ff-30cb-11e5-a4a5-002590263bf5

sox -- memory corruption vulnerabilities

Michele Spagnuolo, Google Security Team, reports:

The write heap buffer overflows are related to ADPCM handling in WAV files, while the read heap buffer overflow is while opening a .VOC.

Discovery 2015-07-22
Entry 2015-07-23
sox

<= 14.4.2

http://seclists.org/oss-sec/2015/q3/167

92cda470-30cb-11e5-a4a5-002590263bf5

sox -- input sanitization errors

oCERT reports:

The sox command line tool is affected by two heap-based buffer overflows, respectively located in functions start_read() and AdpcmReadBlock().

A specially crafted wav file can be used to trigger the vulnerabilities.

Discovery 2014-11-20
Entry 2015-07-23
sox

< 14.4.2

71774
CVE-2014-8145
http://www.ocert.org/advisories/ocert-2014-010.html