Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-40426

Опубликовано: 14 апр. 2022
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 6.8
CVSS3: 8.8

Описание

A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

РелизСтатусПримечание
bionic

released

14.4.2-3ubuntu0.18.04.2
devel

not-affected

14.4.2+git20190427-5build1
esm-apps/bionic

released

14.4.2-3ubuntu0.18.04.2
esm-apps/focal

released

14.4.2+git20190427-2+deb11u1build0.20.04.1
esm-apps/jammy

released

14.4.2+git20190427-2+deb11u1build0.22.04.1
esm-apps/noble

not-affected

14.4.2+git20190427-4build4
esm-apps/xenial

released

14.4.1-5+deb8u4ubuntu0.1+esm1
esm-infra-legacy/trusty

released

14.4.1-3ubuntu1.1+esm2
focal

released

14.4.2+git20190427-2+deb11u1build0.20.04.1
impish

ignored

end of life

Показывать по

Ссылки на источники

EPSS

Процентиль: 34%
0.00136
Низкий

6.8 Medium

CVSS2

8.8 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2021-40426

CVSS3: 8.8
redhat
почти 4 года назад

A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

nvd логотип

CVE-2021-40426

CVSS3: 8.8
nvd
почти 4 года назад

A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

debian логотип

CVE-2021-40426

CVSS3: 8.8
debian
почти 4 года назад

A heap-based buffer overflow vulnerability exists in the sphere.c star ...

github логотип

GHSA-5x4j-m9qh-g9w5

CVSS3: 8.8
github
почти 4 года назад

A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

fstec логотип

BDU:2023-01700

CVSS3: 8.8
fstec
около 3 лет назад

Уязвимость функции start_read() программы обработки звука SoX, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

EPSS

Процентиль: 34%
0.00136
Низкий

6.8 Medium

CVSS2

8.8 High

CVSS3