CVE-2021-40426 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-40426 PUBLISHED CVSS 10 CRITICAL

Reported by talos · Published April 14, 2022

A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Risk Scores

CVSS v3.0

10

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Sound Exchange	libsox	14.4.2, master commit 42b3557e
Sound Exchange	libsox	14.4.2, master commit 42b3557e

Timeline

Apr 14, 2022 CVE Published
Apr 15, 2022 EPSS Score
Jun 4, 2022 EPSS Score
Jul 24, 2022 EPSS Score
Sep 12, 2022 EPSS Score
Oct 31, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 29, 2023 EPSS Score
May 18, 2023 EPSS Score
Jul 6, 2023 EPSS Score
Aug 25, 2023 EPSS Score

References

[oss-security] 20230203 sox: patches for old vulnerabilities mailing-list
[debian-lts-announce] 20230210 [SECURITY] [DLA 3315-1] sox security update mailing-list
DSA-5356 vendor-advisory

Open in Interactive Console →