PT-2021-7702 · Sox+4

Dhananjay Arunesh · Published 2015-02-27 · Updated 2025-06-27 · CVE-2021-3643

CVSS v2.0: 9.4 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C
Name of the Vulnerable Software and Affected Versions

sox version 14.4.1

Description

A flaw in the `lsx_adpcm_init` function within libsox leads to a global-buffer-overflow. An attacker who supplies a malicious file can trigger the flaw, resulting in the disclosure of sensitive information. The vulnerability is an out-of-bounds read: the function reads beyond the valid boundaries of a data buffer. Exploitation may allow a remote attacker to access confidential data and cause a denial of service using a malicious file.

Recommendations

For sox version 14.4.1, consider disabling the `lsx_adpcm_init` function as a temporary workaround until a patch is available. Restrict access to the libsox module to minimize the risk of exploitation. Avoid processing potentially malicious files with the affected software until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Out of bounds Read


Weakness Enumeration

Related Identifiers

ALT-PU-2015-1234
ALT-PU-2024-6289
ALT-PU-2024-6378
ALT-PU-2024-6855
ALT-PU-2024-6966
BDU:2023-01677
CVE-2021-3643
DLA-3315-1
DLA-3315-2
DSA-5356-1
DSA-5356-2
MGASA-2023-0059
OPENSUSE-SU-2023:0328-1
OPENSUSE-SU-2023:0329-1
OPENSUSE-SU-2024:13359-1
USN-5904-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Ubuntu
Sox