CVE-2019-8355
https://notcve.org/view.php?id=CVE-2019-8355
An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c. Se ha descubierto un problema en SoX 14.4.2. En xmalloc.h, hay un desbordamiento de enteros en el resultado de la multiplicación que se proporciona a la macro lsx_valloc que envuelve a malloc. • https://lists.debian.org/debian-lts-announce/2019/05/msg00040.html https://sourceforge.net/p/sox/bugs/320 https://usn.ubuntu.com/4079-1 https://usn.ubuntu.com/4079-2 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVE-2019-8354
https://notcve.org/view.php?id=CVE-2019-8354
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow. Se ha descubierto un problema en SoX 14.4.2. lsx_make_lpf en effect_i_dsp.c tiene un desbordamiento de enteros en el resultado de la multiplicación que se proporciona a malloc. Cuando el búfer se asigna, es más pequeño de lo esperado, lo que conduce a un desbordamiento de búfer basado en memoria dinámica (heap). • https://lists.debian.org/debian-lts-announce/2019/05/msg00040.html https://sourceforge.net/p/sox/bugs/319 https://usn.ubuntu.com/4079-1 https://usn.ubuntu.com/4079-2 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVE-2017-18189 – sox: NULL pointer dereference in startread function in xa.c
https://notcve.org/view.php?id=CVE-2017-18189
In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service. En la función startread en xa.c en Sound eXchange (SoX) hasta la versión 14.4.2, una cabecera que especifica cero canales desencadena un bucle infinito con una desreferencia de puntero NULL resultante, lo que podría permitir que un atacante remoto provoque una denegación de servicio (DoS). A NULL pointer dereference flaw found in the way SoX handled processing of AIFF files. An attacker could potentially use this flaw to crash the SoX application by tricking it into processing crafted AIFF files. • https://access.redhat.com/errata/RHSA-2019:2283 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881121 https://lists.debian.org/debian-lts-announce/2019/02/msg00042.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62RARFRXGKPNNFFNVDV7DHJSOKAIZ3CX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUKFZQSZG2ABMTAMOGBMY7MJNSGEIYTL https://public-inbox.org/sox-devel/20171109114554.16297-1-mans%40mansr.com/raw https://access.red • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVE-2017-15642
https://notcve.org/view.php?id=CVE-2017-15642
In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file. En lsx_aiffstartread en aiff.c en Sound eXchange (SoX), versión 14.4.2, hay una vulnerabilidad de uso de memoria previamente liberada, desencadenada mediante un archivo AIFF mal formado. • https://lists.debian.org/debian-lts-announce/2017/11/msg00043.html https://lists.debian.org/debian-lts-announce/2019/02/msg00042.html https://security.gentoo.org/glsa/201810-02 https://sourceforge.net/p/sox/bugs/297 https://sourceforge.net/p/sox/bugs/298 • CWE-416: Use After Free •
CVE-2017-15371
https://notcve.org/view.php?id=CVE-2017-15371
There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file. Hay una cancelación de aserción alcanzable en la función sox_append_comment() en formats.c en Sound eXchange (SoX) 14.4.2. Se podría realizar un ataque de denegación de servicio con unos valores de entrada especialmente manipulados durante la conversión de un archivo de audio. • https://bugzilla.redhat.com/show_bug.cgi?id=1500570 https://lists.debian.org/debian-lts-announce/2017/11/msg00043.html https://lists.debian.org/debian-lts-announce/2019/03/msg00007.html https://security.gentoo.org/glsa/201810-02 • CWE-617: Reachable Assertion •