CVE-2021-40426
PUBLISHED
CVSS 10 CRITICAL
Reported by talos · Published April 14, 2022
A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Risk Scores
CVSS 3.0: 10 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sound Exchange | libsox | 14.4.2, master commit 42b3557e |
| alpine | sox | 0, 0, 0 |
Timeline
- Apr 14, 2022 CVE Published
- Apr 15, 2022 EPSS Score
- Jun 4, 2022 EPSS Score
- Jul 25, 2022 EPSS Score
- Sep 14, 2022 EPSS Score
- Nov 3, 2022 EPSS Score
- Feb 11, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 22, 2023 EPSS Score
- Jul 12, 2023 EPSS Score
- Aug 31, 2023 EPSS Score
References
- [oss-security] 20230203 sox: patches for old vulnerabilities (mailing list)
- [debian-lts-announce] 20230210 [SECURITY] [DLA 3315-1] sox security update (mailing list)
- DSA-5356 (vendor advisory)