sox_ng wiki - Distro-Fedora


Distro Fedora

The source rpm contains a modified version of sox-14.4.2 and some patches.

The modifications are:

Patches in 14.4.2+git20190427–4

Legend
NR: Not required
Bug Issue
1226675 [abrt] sox: startwrite(): sox killed by SIGFPE #71
1480678 CVE-2017–11332 CVE-2017–11358 CVE-2017–11359 sox: various flaws #7 #8 #9
1500553 It is a stack-overflow vulnerability in lsx_ms_adpcm_block_expand_i (in adpcm.c:126) #12
1500554 It is a heap-buffer-overflow in ImaExpandS (in ima_rw.c:126) #16
1500570 It is a reachable assertion abort in function sox_append_comment (in formats.c:227) that will lead to denial of service attack #11
1510923 CVE-2017–15642 sox: Use-after-free in lsx_aiffstartread #13
1545867 CVE-2017–18189 sox: Null pointer dereference in startread function in xa.c #14
sox-14.4.2-fsf_address_fix #47
sox-14.4.2-hcom_stopwrite_big_endian_bug_fix #42
sox-14.4.2-installcheck_fix #49
sox-14.4.2-lpc10 NR
sox-14.4.2-lsx_symbols #35
sox-sample_tes-t-c99 #50

Open bugs

Bug Issue
2094688 CVE-2021–40426 sox: heap-based buffer overflow vulnerability exists in the sphere.c start_read() function #27
2094700 CVE-2022–31650 sox: a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a #28
2094703 CVE-2022–31651 sox: an assertion failure in rate_init in rate.c in libsox.a #29

Generated by makehtml.sh on mar 25 feb 2025, 23:25:22, CET