Bug#1041110: sox: CVE-2023-34432

To: submit@bugs.debian.org
Subject: Bug#1041110: sox: CVE-2023-34432
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Fri, 14 Jul 2023 23:42:42 +0200
Message-id: <[🔎] ZLHBUjxZ9r3Q0N55@pisco.westfalen.local>
Reply-to: Moritz Mühlenhoff <jmm@inutil.org>, 1041110@bugs.debian.org

Source: sox
X-Debbugs-CC: team@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for sox.

CVE-2023-34432[0]:
| A heap buffer overflow vulnerability was found in sox, in the
| lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can
| lead to a denial of service, code execution, or information
| disclosure.

https://bugzilla.redhat.com/show_bug.cgi?id=2212291
https://sourceforge.net/p/sox/bugs/367/


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-34432
    https://www.cve.org/CVERecord?id=CVE-2023-34432

Please adjust the affected versions in the BTS as needed.

Reply to:

Prev by Date: gpac_1.0.1+dfsg1-4+deb11u3_amd64.changes ACCEPTED into oldstable-proposed-updates->oldstable-new
Next by Date: Bug#1041111: sox: CVE-2023-34318
Previous by thread: gpac_1.0.1+dfsg1-4+deb11u3_amd64.changes ACCEPTED into oldstable-proposed-updates->oldstable-new
Next by thread: Bug#1041111: sox: CVE-2023-34318
Index(es):
- Date
- Thread