OESA-2025-1020

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1020
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-1020.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2025-1020
Upstream
Published
2025-01-10T01:46:49Z
Modified
2025-09-03T06:16:51.152888Z
Summary
sox security update
Details

SoX is a cross-platform (Windows, Linux, MacOS X, etc.) command line utility that can convert various formats of computer audio files in to other formats. It can also apply various effects to these sound files, and, as an added bonus, SoX can play and record audio files on most platforms.

Security Fix(es):

An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsxcalloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsxreadbuf in formats_i.c.(CVE-2019-13590)

An issue was discovered in SoX 14.4.2. lsxmakelpf in effectidsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow.(CVE-2019-8354)

An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsxvalloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channelsstart in remix.c.(CVE-2019-8355)

An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow.(CVE-2019-8356)

An issue was discovered in SoX 14.4.2. lsxmakelpf in effectidsp.c allows a NULL pointer dereference.(CVE-2019-8357)

Database specific 
{
    "severity": "Medium"
}
References

Affected packages

openEuler:22.03-LTS-SP4 / sox

Package

Name
sox
Purl
pkg:rpm/openEuler/sox&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.4.2.0-31.oe2203sp4

Ecosystem specific 

{
    "x86_64": [
        "sox-14.4.2.0-31.oe2203sp4.x86_64.rpm",
        "sox-debuginfo-14.4.2.0-31.oe2203sp4.x86_64.rpm",
        "sox-debugsource-14.4.2.0-31.oe2203sp4.x86_64.rpm",
        "sox-devel-14.4.2.0-31.oe2203sp4.x86_64.rpm"
    ],
    "aarch64": [
        "sox-14.4.2.0-31.oe2203sp4.aarch64.rpm",
        "sox-debuginfo-14.4.2.0-31.oe2203sp4.aarch64.rpm",
        "sox-debugsource-14.4.2.0-31.oe2203sp4.aarch64.rpm",
        "sox-devel-14.4.2.0-31.oe2203sp4.aarch64.rpm"
    ],
    "noarch": [
        "sox-help-14.4.2.0-31.oe2203sp4.noarch.rpm"
    ],
    "src": [
        "sox-14.4.2.0-31.oe2203sp4.src.rpm"
    ]
}

openEuler:24.03-LTS-SP1 / sox

Package

Name
sox
Purl
pkg:rpm/openEuler/sox&distro=openEuler-24.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.4.2.0-31.oe2403sp1

Ecosystem specific 

{
    "x86_64": [
        "sox-14.4.2.0-31.oe2403sp1.x86_64.rpm",
        "sox-debuginfo-14.4.2.0-31.oe2403sp1.x86_64.rpm",
        "sox-debugsource-14.4.2.0-31.oe2403sp1.x86_64.rpm",
        "sox-devel-14.4.2.0-31.oe2403sp1.x86_64.rpm"
    ],
    "aarch64": [
        "sox-14.4.2.0-31.oe2403sp1.aarch64.rpm",
        "sox-debuginfo-14.4.2.0-31.oe2403sp1.aarch64.rpm",
        "sox-debugsource-14.4.2.0-31.oe2403sp1.aarch64.rpm",
        "sox-devel-14.4.2.0-31.oe2403sp1.aarch64.rpm"
    ],
    "noarch": [
        "sox-help-14.4.2.0-31.oe2403sp1.noarch.rpm"
    ],
    "src": [
        "sox-14.4.2.0-31.oe2403sp1.src.rpm"
    ]
}

openEuler:22.03-LTS-SP3 / sox

Package

Name
sox
Purl
pkg:rpm/openEuler/sox&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.4.2.0-31.oe2203sp3

Ecosystem specific 

{
    "x86_64": [
        "sox-14.4.2.0-31.oe2203sp3.x86_64.rpm",
        "sox-debuginfo-14.4.2.0-31.oe2203sp3.x86_64.rpm",
        "sox-debugsource-14.4.2.0-31.oe2203sp3.x86_64.rpm",
        "sox-devel-14.4.2.0-31.oe2203sp3.x86_64.rpm"
    ],
    "aarch64": [
        "sox-14.4.2.0-31.oe2203sp3.aarch64.rpm",
        "sox-debuginfo-14.4.2.0-31.oe2203sp3.aarch64.rpm",
        "sox-debugsource-14.4.2.0-31.oe2203sp3.aarch64.rpm",
        "sox-devel-14.4.2.0-31.oe2203sp3.aarch64.rpm"
    ],
    "noarch": [
        "sox-help-14.4.2.0-31.oe2203sp3.noarch.rpm"
    ],
    "src": [
        "sox-14.4.2.0-31.oe2203sp3.src.rpm"
    ]
}

openEuler:20.03-LTS-SP4 / sox

Package

Name
sox
Purl
pkg:rpm/openEuler/sox&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.4.2.0-31.oe2003sp4

Ecosystem specific 

{
    "x86_64": [
        "sox-14.4.2.0-31.oe2003sp4.x86_64.rpm",
        "sox-debuginfo-14.4.2.0-31.oe2003sp4.x86_64.rpm",
        "sox-debugsource-14.4.2.0-31.oe2003sp4.x86_64.rpm",
        "sox-devel-14.4.2.0-31.oe2003sp4.x86_64.rpm"
    ],
    "aarch64": [
        "sox-14.4.2.0-31.oe2003sp4.aarch64.rpm",
        "sox-debuginfo-14.4.2.0-31.oe2003sp4.aarch64.rpm",
        "sox-debugsource-14.4.2.0-31.oe2003sp4.aarch64.rpm",
        "sox-devel-14.4.2.0-31.oe2003sp4.aarch64.rpm"
    ],
    "noarch": [
        "sox-help-14.4.2.0-31.oe2003sp4.noarch.rpm"
    ],
    "src": [
        "sox-14.4.2.0-31.oe2003sp4.src.rpm"
    ]
}

openEuler:22.03-LTS-SP1 / sox

Package

Name
sox
Purl
pkg:rpm/openEuler/sox&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.4.2.0-31.oe2203sp1

Ecosystem specific 

{
    "x86_64": [
        "sox-14.4.2.0-31.oe2203sp1.x86_64.rpm",
        "sox-debuginfo-14.4.2.0-31.oe2203sp1.x86_64.rpm",
        "sox-debugsource-14.4.2.0-31.oe2203sp1.x86_64.rpm",
        "sox-devel-14.4.2.0-31.oe2203sp1.x86_64.rpm"
    ],
    "aarch64": [
        "sox-14.4.2.0-31.oe2203sp1.aarch64.rpm",
        "sox-debuginfo-14.4.2.0-31.oe2203sp1.aarch64.rpm",
        "sox-debugsource-14.4.2.0-31.oe2203sp1.aarch64.rpm",
        "sox-devel-14.4.2.0-31.oe2203sp1.aarch64.rpm"
    ],
    "noarch": [
        "sox-help-14.4.2.0-31.oe2203sp1.noarch.rpm"
    ],
    "src": [
        "sox-14.4.2.0-31.oe2203sp1.src.rpm"
    ]
}

openEuler:24.03-LTS / sox

Package

Name
sox
Purl
pkg:rpm/openEuler/sox&distro=openEuler-24.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.4.2.0-31.oe2403

Ecosystem specific 

{
    "x86_64": [
        "sox-14.4.2.0-31.oe2403sp1.x86_64.rpm",
        "sox-debuginfo-14.4.2.0-31.oe2403sp1.x86_64.rpm",
        "sox-debugsource-14.4.2.0-31.oe2403sp1.x86_64.rpm",
        "sox-devel-14.4.2.0-31.oe2403sp1.x86_64.rpm",
        "sox-14.4.2.0-31.oe2403.x86_64.rpm",
        "sox-debuginfo-14.4.2.0-31.oe2403.x86_64.rpm",
        "sox-debugsource-14.4.2.0-31.oe2403.x86_64.rpm",
        "sox-devel-14.4.2.0-31.oe2403.x86_64.rpm"
    ],
    "aarch64": [
        "sox-14.4.2.0-31.oe2403sp1.aarch64.rpm",
        "sox-debuginfo-14.4.2.0-31.oe2403sp1.aarch64.rpm",
        "sox-debugsource-14.4.2.0-31.oe2403sp1.aarch64.rpm",
        "sox-devel-14.4.2.0-31.oe2403sp1.aarch64.rpm",
        "sox-14.4.2.0-31.oe2403.aarch64.rpm",
        "sox-debuginfo-14.4.2.0-31.oe2403.aarch64.rpm",
        "sox-debugsource-14.4.2.0-31.oe2403.aarch64.rpm",
        "sox-devel-14.4.2.0-31.oe2403.aarch64.rpm"
    ],
    "noarch": [
        "sox-help-14.4.2.0-31.oe2403sp1.noarch.rpm",
        "sox-help-14.4.2.0-31.oe2403.noarch.rpm"
    ],
    "src": [
        "sox-14.4.2.0-31.oe2403sp1.src.rpm",
        "sox-14.4.2.0-31.oe2403.src.rpm"
    ]
}