There is a div zero in voc.c:334, function read_samples, which crashes.
The trigger command:
./src/.libs/sox bug3 -n noiseprof /dev/null
In AddressSanitizer:
In gdb:
The crafted file is attached.
$ sox ~/Downloads/sox-zero.voc -n noiseprof /dev/null
sox FAIL sox: `/Users/hans/Downloads/sox-zero.voc' format changed: Unsupported data format
This is CVE-2021-3643
Absent in 14.4.2, Debian and sox_ng
Present in 42b355 and sox.sf.net master