Michele Spagnuolo of the Google Security Team dicovered two heap-based buffer overflows in SoX, the Swiss Army knife of sound processing programs. A specially crafted wav file could cause an application using SoX to crash or, possibly, execute arbitrary code.

For the stable distribution (wheezy), these problems have been fixed in version 14.4.0-3+deb7u1. For the upcoming stable distribution (jessie) and the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your sox packages.

SoX is a command line utility that can convert various formats of computer audio files in to other formats. It can also apply various effects to these sound files during the conversion. As an added bonus, SoX can play and record audio files on several unix-style platforms.

sox on Debian Linux

This check tests the installed software version using the apt package manager.

• http://www.debian.org/security/2014/dsa-3112.html

---

Updated on 2015-03-25