Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 533296 (CVE-2014-8145)

Summary: <media-sound/sox-14.4.2: input sanitization errors
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: normal CC: sound
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2014-12-22 14:26:17 UTC
From ${URL} :

#2014-010 SoX input sanitization errors


The SoX project is an open source tool for sound processing.

The sox command line tool is affected by two heap-based buffer overflows,
respectively located in functions start_read() and AdpcmReadBlock().

A specially crafted wav file can be used to trigger the vulnerabilities.

Affected version:

SoX <= 14.4.1

Fixed version:

SoX > 14.4.1

Credit: vulnerability report received from the Google Security Team.

CVE: CVE-2014-8145


2014-11-20: vulnerability report received
2014-12-02: contacted maintainer
2014-12-13: patch provided by maintainer
2014-12-14: reporter confirms patch
2014-12-15: contacted affected vendors
2014-12-18: assigned CVE
2014-12-22: advisory release

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2016-11-23 00:46:35 UTC
@ Maintainer(s): Please cleanup and drop =media-sound/sox-14.4.1
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2016-12-05 02:09:34 UTC
Please clean...
Comment 3 Tim Harder gentoo-dev 2016-12-10 20:52:11 UTC
(In reply to Aaron Bauman from comment #2)
> Please clean...

Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2016-12-11 23:58:27 UTC
This issue was resolved and addressed in
 GLSA 201612-30 at
by GLSA coordinator Kristian Fiskerstrand (K_F).