A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Created sox tracking bugs for this issue:
Affects: epel-8 [bug 2094686]
Affects: fedora-35 [bug 2094687]
Affects: fedora-36 [bug 2094688]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):