CVE-2014-8145
sox - security update
EPSS 13.0%
Description
Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function.
How to fix CVE-2014-8145
To remediate CVE-2014-8145, upgrade the affected package to the fixed version listed below for your release.
- Debian/sox—upgrade to 14.4.2-2 or later
- Debian/sox—upgrade to 14.3.1-1+deb6u1 or later
- Debian/sox—upgrade to 14.4.1-5+deb8u1 or later
- Debian/sox—upgrade to 14.4.0-3+deb7u1 or later
Is CVE-2014-8145 being exploited?
Moderate: EPSS is 13.0%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (4)
- from 0, < 14.4.2-2
- from 0, < 14.3.1-1+deb6u1
- from 0, < 14.4.1-5+deb8u1
- from 0, < 14.4.0-3+deb7u1