There is a heap overflow in hcom.c:161. Function startread. With crafted hcomn file, the vuln is exploitable. Trigger command: ./src/.libs/sox bug2 -n noiseprof /dev/null
startread
In AddressSanitizer:
In gdb:
The crafted file is attached.
$ sox ~/Downloads/sox-zero.hcom -n noiseprof /dev/null sox FAIL formats: can't open input file `/Users/hans/Downloads/sox-zero.hcom': premature EOF
This is CVE-2021-23172 Absent in 14.4.2, Debian and sox_ng Present in 42b355 and sox.sf.net master
CVE-2021-23172
14.4.2
sox_ng
42b355
sox.sf.net master
Log in to post a comment.
This is
CVE-2021-23172Absent in
14.4.2, Debian andsox_ngPresent in
42b355andsox.sf.net masterLast edit: Martin Guy 2025-03-02