Sound Exchange libsox sphere.c start_read() heap-based buffer overflow vulnerability [CVE-2021-40426]
CVE number = CVE-2021-40426
Libsox is a well-aged library used for cross-platform audio editing software, originally written in 1991. After decades of development, a wide range of file formats are supported, including .wav, .flac, and .mp3 (with the aid of an external library).
A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e.
A specially-crafted file can lead to a heap buffer overflow.
An attacker can provide a malicious file to trigger this vulnerability.
Tested Versions
Sound Exchange libsox 14.4.2
Sound Exchange libsox master commit 42b3557e
Blogger at www.systemtek.co.uk