What is the vulnerability ID for this SoX vulnerability?

The vulnerability ID for this SoX vulnerability is USN-6345-1.

What is the impact of this vulnerability?

The impact of this vulnerability is a possible denial of service if a specially crafted input file is opened.

Which versions of SoX are affected by this vulnerability?

The following versions of SoX are affected by this vulnerability: libsox3 (14.4.2+git20190427-3.4ubuntu1.1), sox (14.4.2+git20190427-3.4ubuntu1.1), libsox3 (14.4.2+git20190427-2+deb11u2ubuntu0.22.04.1), sox (14.4.2+git20190427-2+deb11u2ubuntu0.22.04.1), libsox3 (14.4.2+git20190427-2+deb11u2ubuntu0.20.04.1), sox (14.4.2+git20190427-2+deb11u2ubuntu0.20.04.1), libsox3 (14.4.2-3ubuntu0.18.04.3+esm1), sox (14.4.2-3ubuntu0.18.04.3+esm1), libsox2 (14.4.1-5+deb8u4ubuntu0.1+esm3), sox (14.4.1-5+deb8u4ubuntu0.1+esm3), libsox2 (14.4.1-3ubuntu1.1+esm4), sox (14.4.1-3ubuntu1.1+esm4).

How can I fix this vulnerability?

To fix this vulnerability, you should update to the following versions: libsox3 (14.4.2+git20190427-3.4ubuntu1.1) or later, sox (14.4.2+git20190427-3.4ubuntu1.1) or later, libsox3 (14.4.2+git20190427-2+deb11u2ubuntu0.22.04.1) or later, sox (14.4.2+git20190427-2+deb11u2ubuntu0.22.04.1) or later, libsox3 (14.4.2+git20190427-2+deb11u2ubuntu0.20.04.1) or later, sox (14.4.2+git20190427-2+deb11u2ubuntu0.20.04.1) or later, libsox3 (14.4.2-3ubuntu0.18.04.3+esm1) or later, sox (14.4.2-3ubuntu0.18.04.3+esm1) or later, libsox2 (14.4.1-5+deb8u4ubuntu0.1+esm3) or later, sox (14.4.1-5+deb8u4ubuntu0.1+esm3) or later, libsox2 (14.4.1-3ubuntu1.1+esm4) or later, sox (14.4.1-3ubuntu1.1+esm4) or later.

Where can I find more information about this vulnerability?

You can find more information about this vulnerability on the Ubuntu website and the Launchpad page for SoX.

Vulnerability/
USN-6345-1

6/9/2023

USN-6345-1: SoX vulnerability

First published: Wed Sep 06 2023(Updated: )

It was discovered that SoX incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, an attacker could possibly use this issue to cause a denial of service.

Affected Software	Affected Version	How to fix
All of
ubuntu/libsox3	<14.4.2+git20190427-3.4ubuntu1.1	14.4.2+git20190427-3.4ubuntu1.1
	=23.04
All of
ubuntu/sox	<14.4.2+git20190427-3.4ubuntu1.1	14.4.2+git20190427-3.4ubuntu1.1
	=23.04
All of
ubuntu/libsox3	<14.4.2+git20190427-2+deb11u2ubuntu0.22.04.1	14.4.2+git20190427-2+deb11u2ubuntu0.22.04.1
	=22.04
All of
ubuntu/sox	<14.4.2+git20190427-2+deb11u2ubuntu0.22.04.1	14.4.2+git20190427-2+deb11u2ubuntu0.22.04.1
	=22.04
All of
ubuntu/libsox3	<14.4.2+git20190427-2+deb11u2ubuntu0.20.04.1	14.4.2+git20190427-2+deb11u2ubuntu0.20.04.1
	=20.04
All of
ubuntu/sox	<14.4.2+git20190427-2+deb11u2ubuntu0.20.04.1	14.4.2+git20190427-2+deb11u2ubuntu0.20.04.1
	=20.04
All of
ubuntu/libsox3	<14.4.2-3ubuntu0.18.04.3+esm1	14.4.2-3ubuntu0.18.04.3+esm1
	=18.04
All of
ubuntu/sox	<14.4.2-3ubuntu0.18.04.3+esm1	14.4.2-3ubuntu0.18.04.3+esm1
	=18.04
All of
ubuntu/libsox2	<14.4.1-5+deb8u4ubuntu0.1+esm3	14.4.1-5+deb8u4ubuntu0.1+esm3
	=16.04
All of
ubuntu/sox	<14.4.1-5+deb8u4ubuntu0.1+esm3	14.4.1-5+deb8u4ubuntu0.1+esm3
	=16.04
All of
ubuntu/libsox2	<14.4.1-3ubuntu1.1+esm4	14.4.1-3ubuntu1.1+esm4
	=14.04
All of
ubuntu/sox	<14.4.1-3ubuntu1.1+esm4	14.4.1-3ubuntu1.1+esm4
	=14.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

CVE-2023-32627

Frequently Asked Questions

What is the vulnerability ID for this SoX vulnerability?
The vulnerability ID for this SoX vulnerability is USN-6345-1.
What is the impact of this vulnerability?
The impact of this vulnerability is a possible denial of service if a specially crafted input file is opened.
Which versions of SoX are affected by this vulnerability?
The following versions of SoX are affected by this vulnerability: libsox3 (14.4.2+git20190427-3.4ubuntu1.1), sox (14.4.2+git20190427-3.4ubuntu1.1), libsox3 (14.4.2+git20190427-2+deb11u2ubuntu0.22.04.1), sox (14.4.2+git20190427-2+deb11u2ubuntu0.22.04.1), libsox3 (14.4.2+git20190427-2+deb11u2ubuntu0.20.04.1), sox (14.4.2+git20190427-2+deb11u2ubuntu0.20.04.1), libsox3 (14.4.2-3ubuntu0.18.04.3+esm1), sox (14.4.2-3ubuntu0.18.04.3+esm1), libsox2 (14.4.1-5+deb8u4ubuntu0.1+esm3), sox (14.4.1-5+deb8u4ubuntu0.1+esm3), libsox2 (14.4.1-3ubuntu1.1+esm4), sox (14.4.1-3ubuntu1.1+esm4).
How can I fix this vulnerability?
To fix this vulnerability, you should update to the following versions: libsox3 (14.4.2+git20190427-3.4ubuntu1.1) or later, sox (14.4.2+git20190427-3.4ubuntu1.1) or later, libsox3 (14.4.2+git20190427-2+deb11u2ubuntu0.22.04.1) or later, sox (14.4.2+git20190427-2+deb11u2ubuntu0.22.04.1) or later, libsox3 (14.4.2+git20190427-2+deb11u2ubuntu0.20.04.1) or later, sox (14.4.2+git20190427-2+deb11u2ubuntu0.20.04.1) or later, libsox3 (14.4.2-3ubuntu0.18.04.3+esm1) or later, sox (14.4.2-3ubuntu0.18.04.3+esm1) or later, libsox2 (14.4.1-5+deb8u4ubuntu0.1+esm3) or later, sox (14.4.1-5+deb8u4ubuntu0.1+esm3) or later, libsox2 (14.4.1-3ubuntu1.1+esm4) or later, sox (14.4.1-3ubuntu1.1+esm4) or later.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability on the Ubuntu website and the Launchpad page for SoX.

agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
collector/usn
source/Ubuntu
agent/software-canonical-lookup
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/23.04
version/ubuntu ubuntu/22.04
version/ubuntu ubuntu/20.04
version/ubuntu ubuntu/18.04
version/ubuntu ubuntu/16.04
version/ubuntu ubuntu/14.04