Nixpkgs Security Tracker

Permalink CVE-2023-34318

7.8 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

Heap-buffer-overflow in src/hcom.c

A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure.

References

https://access.redhat.com/security/cve/CVE-2023-34318 x_refsource_REDHAT vdb-entry
RHBZ#2212283 issue-tracking x_refsource_REDHAT
RHBZ#2212283 issue-tracking x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2023-34318 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2212283 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-34318 x_refsource_REDHAT vdb-entry
https://access.redhat.com/security/cve/CVE-2023-34318 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2212283 issue-tracking x_refsource_REDHAT x_transferred

Affected products

sox

Matching in nixpkgs

pkgs.sox

Sample Rate Converter for audio

nixos-unstable -
- nixpkgs-unstable 2021-05-09

pkgs.soxr

Audio resampling library

nixos-unstable -
- nixpkgs-unstable 0.1.3

pkgs.soxt

GUI binding for using Open Inventor with Xt/Motif

nixos-unstable -
- nixpkgs-unstable 2019-06-14

pkgs.haskellPackages.sox

Play, write, read, convert audio signals using Sox

nixos-unstable -
- nixpkgs-unstable 0.2.3.2

pkgs.haskellPackages.soxlib

Write, read, convert audio signals using libsox

nixos-unstable -
- nixpkgs-unstable 0.0.3.2

pkgs.python312Packages.soxr

High quality, one-dimensional sample-rate conversion library

nixos-unstable -
- nixpkgs-unstable 1.0.0

pkgs.python313Packages.soxr

High quality, one-dimensional sample-rate conversion library

nixos-unstable -
- nixpkgs-unstable 1.0.0

pkgs.haskellPackages.word-note-sox

SoX for algorithmic composition with groups of notes liken to words

nixos-unstable -
- nixpkgs-unstable 0.1.0.0

Package maintainers

@thielema Henning Thielemann <nix@henning-thielemann.de>
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@MarcWeber Marc Weber <marco-oweber@gmx.de>
@tmplt Viktor Sonesten <v@tmplt.dev>

Permalink CVE-2023-26590

6.2 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 6 months ago

Floating point exception in src/aiff.c

A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service.

References

https://access.redhat.com/security/cve/CVE-2023-26590 x_refsource_REDHAT vdb-entry
RHBZ#2212279 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-26590 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2212279 issue-tracking x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2023-26590 x_refsource_REDHAT vdb-entry
RHBZ#2212279 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-26590 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2212279 issue-tracking x_refsource_REDHAT x_transferred

Affected products

sox

Matching in nixpkgs

pkgs.sox

Sample Rate Converter for audio

nixos-unstable -
- nixpkgs-unstable 2021-05-09

pkgs.soxr

Audio resampling library

nixos-unstable -
- nixpkgs-unstable 0.1.3

pkgs.soxt

GUI binding for using Open Inventor with Xt/Motif

nixos-unstable -
- nixpkgs-unstable 2019-06-14

pkgs.haskellPackages.sox

Play, write, read, convert audio signals using Sox

nixos-unstable -
- nixpkgs-unstable 0.2.3.2

pkgs.haskellPackages.soxlib

Write, read, convert audio signals using libsox

nixos-unstable -
- nixpkgs-unstable 0.0.3.2

pkgs.python312Packages.soxr

High quality, one-dimensional sample-rate conversion library

nixos-unstable -
- nixpkgs-unstable 1.0.0

pkgs.python313Packages.soxr

High quality, one-dimensional sample-rate conversion library

nixos-unstable -
- nixpkgs-unstable 1.0.0

pkgs.haskellPackages.word-note-sox

SoX for algorithmic composition with groups of notes liken to words

nixos-unstable -
- nixpkgs-unstable 0.1.0.0

Package maintainers

@thielema Henning Thielemann <nix@henning-thielemann.de>
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@MarcWeber Marc Weber <marco-oweber@gmx.de>
@tmplt Viktor Sonesten <v@tmplt.dev>

Permalink CVE-2023-34432

7.8 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

Heap-buffer-overflow in src/formats_i.c

A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.

References

https://access.redhat.com/security/cve/CVE-2023-34432 x_refsource_REDHAT vdb-entry
RHBZ#2212291 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-34432 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2212291 issue-tracking x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2023-34432 x_refsource_REDHAT vdb-entry
RHBZ#2212291 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-34432 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2212291 issue-tracking x_refsource_REDHAT x_transferred

Affected products

sox

Matching in nixpkgs

pkgs.sox

Sample Rate Converter for audio

nixos-unstable -
- nixpkgs-unstable 2021-05-09

pkgs.soxr

Audio resampling library

nixos-unstable -
- nixpkgs-unstable 0.1.3

pkgs.soxt

GUI binding for using Open Inventor with Xt/Motif

nixos-unstable -
- nixpkgs-unstable 2019-06-14

pkgs.haskellPackages.sox

Play, write, read, convert audio signals using Sox

nixos-unstable -
- nixpkgs-unstable 0.2.3.2

pkgs.haskellPackages.soxlib

Write, read, convert audio signals using libsox

nixos-unstable -
- nixpkgs-unstable 0.0.3.2

pkgs.python312Packages.soxr

High quality, one-dimensional sample-rate conversion library

nixos-unstable -
- nixpkgs-unstable 1.0.0

pkgs.python313Packages.soxr

High quality, one-dimensional sample-rate conversion library

nixos-unstable -
- nixpkgs-unstable 1.0.0

pkgs.haskellPackages.word-note-sox

SoX for algorithmic composition with groups of notes liken to words

nixos-unstable -
- nixpkgs-unstable 0.1.0.0

Package maintainers

@thielema Henning Thielemann <nix@henning-thielemann.de>
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@MarcWeber Marc Weber <marco-oweber@gmx.de>
@tmplt Viktor Sonesten <v@tmplt.dev>

Permalink CVE-2023-32627

6.2 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 6 months ago

Floating point exception in src/voc.c

A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service.

References

https://access.redhat.com/security/cve/CVE-2023-32627 x_refsource_REDHAT vdb-entry
RHBZ#2212282 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2023/08/msg00015.html
https://access.redhat.com/security/cve/CVE-2023-32627 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2212282 issue-tracking x_refsource_REDHAT x_transferred
https://lists.debian.org/debian-lts-announce/2023/08/msg00015.html x_transferred
https://access.redhat.com/security/cve/CVE-2023-32627 x_refsource_REDHAT vdb-entry
RHBZ#2212282 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2023/08/msg00015.html
https://lists.debian.org/debian-lts-announce/2023/08/msg00015.html x_transferred
https://access.redhat.com/security/cve/CVE-2023-32627 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2212282 issue-tracking x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2023-32627 x_refsource_REDHAT vdb-entry
RHBZ#2212282 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2023/08/msg00015.html
https://access.redhat.com/security/cve/CVE-2023-32627 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2212282 issue-tracking x_refsource_REDHAT x_transferred
https://lists.debian.org/debian-lts-announce/2023/08/msg00015.html x_transferred

Affected products

sox

Matching in nixpkgs

pkgs.sox

Sample Rate Converter for audio

nixos-unstable -
- nixpkgs-unstable 2021-05-09

pkgs.soxr

Audio resampling library

nixos-unstable -
- nixpkgs-unstable 0.1.3

pkgs.soxt

GUI binding for using Open Inventor with Xt/Motif

nixos-unstable -
- nixpkgs-unstable 2019-06-14

pkgs.haskellPackages.sox

Play, write, read, convert audio signals using Sox

nixos-unstable -
- nixpkgs-unstable 0.2.3.2

pkgs.haskellPackages.soxlib

Write, read, convert audio signals using libsox

nixos-unstable -
- nixpkgs-unstable 0.0.3.2

pkgs.python312Packages.soxr

High quality, one-dimensional sample-rate conversion library

nixos-unstable -
- nixpkgs-unstable 1.0.0

pkgs.python313Packages.soxr

High quality, one-dimensional sample-rate conversion library

nixos-unstable -
- nixpkgs-unstable 1.0.0

pkgs.haskellPackages.word-note-sox

SoX for algorithmic composition with groups of notes liken to words

nixos-unstable -
- nixpkgs-unstable 0.1.0.0

Package maintainers

@thielema Henning Thielemann <nix@henning-thielemann.de>
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@MarcWeber Marc Weber <marco-oweber@gmx.de>
@tmplt Viktor Sonesten <v@tmplt.dev>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.sox

pkgs.soxr

pkgs.soxt

pkgs.haskellPackages.sox

pkgs.haskellPackages.soxlib

pkgs.python312Packages.soxr

pkgs.python313Packages.soxr

pkgs.haskellPackages.word-note-sox

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.sox

pkgs.soxr

pkgs.soxt

pkgs.haskellPackages.sox

pkgs.haskellPackages.soxlib

pkgs.python312Packages.soxr

pkgs.python313Packages.soxr

pkgs.haskellPackages.word-note-sox

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.sox

pkgs.soxr

pkgs.soxt

pkgs.haskellPackages.sox

pkgs.haskellPackages.soxlib

pkgs.python312Packages.soxr

pkgs.python313Packages.soxr

pkgs.haskellPackages.word-note-sox

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.sox

pkgs.soxr

pkgs.soxt

pkgs.haskellPackages.sox

pkgs.haskellPackages.soxlib

pkgs.python312Packages.soxr

pkgs.python313Packages.soxr

pkgs.haskellPackages.word-note-sox

Package maintainers