CVE-2019-8356

Published: 15/02/2019 Updated: 24/08/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector (CVSS v2): AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

An issue exists in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow.

Vulnerable Product

sound exchange project sound exchange 14.4.2

Vendor Advisories

Debian Bug report logs - #927906 CVE-2019-8354 CVE-2019-8355 CVE-2019-8356 CVE-2019-8357 Package: src:sox; Maintainer for src:sox is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Wed, 24 Apr 2019 20:57:02 UTC Severity: grave Tags: fixed-upst ...
SoX could be made to crash if it received a specially crafted MP3 file ...
Impact: Moderate Public Date: 2019-02-07 CWE: CWE-121 Bugzilla: 1678295: CVE-2019-8356 sox: stack-based ...