new file mode 100644
@@ -0,0 +1,30 @@
+From 5b9a7c0fc7054b4f16a5058eef721470e9adcfcc Mon Sep 17 00:00:00 2001
+From: Helmut Grohne <helmut@subdivi.de>
+Date: Sun, 16 Mar 2025 21:16:40 +0100
+Subject: [PATCH] voc: word width should never be 0 to avoid division by zero
+
+Source: https://salsa.debian.org/lts-team/packages/sox/-/blob/debian/14.4.2+git20190427-1+deb10u3/debian/patches/CVE-2021-3643.patch
+
+CVE: CVE-2021-3643
+CVE: CVE-2021-23210
+Upstream-Status: Inactive-Upstream [lastrelease: 2015]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/voc.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/voc.c b/src/voc.c
+index a75639e9..0ca07f94 100644
+--- a/src/voc.c
++++ b/src/voc.c
+@@ -625,6 +625,10 @@ static int getblock(sox_format_t * ft)
+ v->rate = new_rate_32;
+ ft->signal.rate = new_rate_32;
+ lsx_readb(ft, &uc);
++ if (uc <= 1) {
++ lsx_fail_errno(ft, SOX_EFMT, "2 bits per word required");
++ return (SOX_EOF);
++ }
+ v->size = uc;
+ lsx_readb(ft, &uc);
+ if (v->channels != -1 && uc != v->channels) {
@@ -29,6 +29,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.GPL;md5=751419260aa954499f7abaabaa882bbe \
SRC_URI = "git://git.code.sf.net/p/sox/code;protocol=https;branch=master \
file://0001-remove-the-error-line-and-live-without-file-type-det.patch \
+ file://CVE-2021-3643_CVE-2021-23210.patch \
"
# last release was in 2015, use latest hash from 2024-05-30