CVE-2019-8354

Published: 15/02/2019 Updated: 18/06/2024
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5 | Impact Score: 3.6 | Exploitability Score: 1.3
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

An issue exists in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow.

Vulnerable Product

sound exchange project sound exchange 14.4.2

debian debian linux 8.0

canonical ubuntu linux 19.04

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

Vendor Advisories

Debian Bug report logs - #927906: CVE-2019-8354 CVE-2019-8355 CVE-2019-8356 CVE-2019-8357. Package: src:sox; Maintainer for src:sox is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Wed, 24 Apr 2019 20:57:02 UTC; Severity: grave; Tags: fixed-upst ...
SoX could be made to crash if it received a specially crafted MP3 file ...
Impact: Moderate Public Date: 2019-02-07 CWE: CWE-190 Bugzilla: 1678284: CVE-2019-8354 sox: integer ove ...