A vulnerability was discovered in SoX - Sound eXchange. Versions 14.4.2 and earlier are affected by an out-of-bounds read. The impact is denial of service. The affected component is the read_samples function at xa.c:219. The attack vector is that a victim must open a specially crafted .xa file.
Created sox tracking bugs for this issue:
Affects: fedora-all [bug 1730578]
This issue is only a security vulnerability for applications linking against libsox, that may be caused to crash prematurely or even, under special circumstances, disclose sensitive memory contents. Attacks against the sox binaries do not constitute a security threat since these are all short-run programs that do not hold sensitive data in memory.