CVE number = CVE-2021-40426
Libsox is a long-established library used by cross-platform audio editing software, originally written in 1991. After decades of development it supports a wide range of file formats, including .wav, .flac, and .mp3 (the last with the aid of an external library).
A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e.
A specially-crafted file can lead to a heap buffer overflow.
An attacker can provide a malicious file to trigger this vulnerability.
Affected versions:
Sound Exchange libsox 14.4.2
Sound Exchange libsox master commit 42b3557e
Blogger at www.systemtek.co.uk