ELA-918-1 sox security update

Divide by zero

2023-08-13
Package: sox
Version: 14.4.1-5+deb8u7 (jessie), 14.4.1-5+deb9u5 (stretch)
Related CVEs: CVE-2023-32627


SoX is a command-line utility that can convert various formats of computer audio files into other formats. It can also apply various effects to these sound files during the conversion.

SoX was vulnerable to a divide-by-zero flaw in the read_samples function, triggered by reading a specially crafted Creative Voice File (.voc). This flaw can lead to a denial of service.



For Debian 8 jessie, these problems have been fixed in version 14.4.1-5+deb8u7.

For Debian 9 stretch, these problems have been fixed in version 14.4.1-5+deb9u5.

We recommend that you upgrade your sox packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.