CVE-2021-40426
Severity CVSS v4.0:
Pending analysis
Type:
CWE-122
Heap-based Buffer Overflow
Publication date:
14/04/2022
Last modified:
24/06/2025
Description
A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sound_exchange_project:sound_exchange:14.4.2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.openwall.com/lists/oss-security/2023/02/03/3
- https://lists.debian.org/debian-lts-announce/2023/02/msg00009.html
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1434
- https://www.debian.org/security/2023/dsa-5356
- http://www.openwall.com/lists/oss-security/2023/02/03/3
- https://lists.debian.org/debian-lts-announce/2023/02/msg00009.html
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1434
- https://www.debian.org/security/2023/dsa-5356