sox_ng wiki - Distro-Debian
Debian (hence Ubuntu, Mint...) carries 14.4.2+git20190427-3.5 and -4
but on 2025-12-28, sox-ng-14.7.0.3 entered experimental
Of the tested versions of SoX, Debian's is the one that defends best
against CVEs, though the strategy of importing sox.sf.net's patches
for them is less than 100% successful.
Legend
SUCC Exits zero when it should fail
ABRT Aborts
ASAN Works but the Address Sanitizer reports problems
ALOOP Loops forever when compiled with the Address Sanitizer.
If you give it more than a minute of CPU time, the address sanitizer kills it
saying it has tried to allocate more than `0xc0000000` bytes of VM so the 10x
ASAN slowdown is due to SoX beating `malloc()` to death.
1 Exits 1 without ASAN, "succeeds" with.
- We don't have a test for this bug
Results for Debian bookwork/trixie i386
For test results for other unaddressed CVEs and results for sox.sf.net
and sox_ng see Testing.
Well, you want to upgrade to sox_ng really, and 14.7 contains a debian/
directory again, though something stabler might be a better choice for now;
14.6.1 seems stable and 14.4.5 contains only CVE and bug fixes to 14.4.2.
The current Debian 14.4.2 package, instead, would benefit from the following:
If libopusfile-dev is installed, dpkg-buildpackage says
dh_missing: warning: usr/lib/i386-linux-gnu/sox/libsox_fmt_opus.so exists in debian/tmp but is not installed to anywhere
If libsndio-dev is installed, dpkg-buildpackage says
dh_missing: warning: usr/lib/i386-linux-gnu/sox/libsox_fmt_sndio.so exists in debian/tmp but is not installed to anywhere
libsox-fmt-allI would recommend, not suggest, libsox-fmt-all so that most people get a
SoX that reads/writes most audio formats, which is one of its main purposes.
See the notes at the bottom of Distros.