oCERT-2014-010 SoX input sanitization errors
The SoX project is an open source tool for sound processing.
The sox command line tool is affected by two heap-based buffer overflows, respectively located in functions start_read() and AdpcmReadBlock().
A specially crafted wav file can be used to trigger the vulnerabilities.
SoX <= 14.4.1
SoX > 14.4.1
Credit: vulnerability report from Michele Spagnuolo of Google Security Team <mikispag AT google.com>.
2014-11-20: vulnerability report received
2014-12-02: contacted maintainer
2014-12-13: patch provided by maintainer
2014-12-14: reporter confirms patch
2014-12-15: contacted affected vendors
2014-12-18: assigned CVE
2014-12-22: advisory release
2014-12-29: updated references