CVE-2014-8145

Publication date 31 December 2014

Last updated 24 July 2024

Ubuntu priority

Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function.

From the Ubuntu Security Team

It was discovered that SoX incorrectly handled certain media files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
sox	18.10 cosmic	Not affected
	18.04 LTS bionic	Not affected
	17.10 artful	Not affected
	17.04 zesty	Not affected
	16.10 yakkety	Not affected
	16.04 LTS xenial	Fixed 14.4.1-5ubuntu0.1
	15.10 wily	Not affected
	15.04 vivid	Not affected
	14.10 utopic	Ignored
	14.04 LTS trusty	Fixed 14.4.1-3ubuntu1.1
	12.04 LTS precise	Ignored
	10.04 LTS lucid	Ignored

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
sox	Vendor: https://www.debian.org/security/2014/dsa-3112

References

Other references

https://www.cve.org/CVERecord?id=CVE-2014-8145