Vulnerability CVE-2019-13590: Information
Description
An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Published: July 14, 2019
Modified: Feb. 10, 2023
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
sox | sisyphus | 14.4.2-alt7 | 14.4.2-alt7 | ALT-PU-2024-6289-3 | 344866 | Fixed |
sox | sisyphus_e2k | 14.4.2-alt7 | 14.4.2-alt7 | ALT-PU-2024-6551-1 | - | Fixed |
sox | sisyphus_riscv64 | 14.4.2-alt7 | 14.4.2-alt7 | ALT-PU-2024-6403-1 | - | Fixed |
sox | sisyphus_loongarch64 | 14.4.2-alt7 | 14.4.2-alt7 | ALT-PU-2024-6418-1 | - | Fixed |
sox | p10 | 14.4.2-alt7 | 14.4.2-alt7 | ALT-PU-2024-6378-3 | 344935 | Fixed |
sox | p10_e2k | 14.4.2-alt7 | 14.4.2-alt7 | ALT-PU-2024-6891-1 | - | Fixed |
sox | c10f1 | 14.4.2-alt7 | 14.4.2-alt7 | ALT-PU-2024-6855-3 | 345456 | Fixed |
sox | c9f2 | 14.4.2-alt7 | 14.4.2-alt7 | ALT-PU-2024-6966-3 | 345644 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://sourceforge.net/p/sox/bugs/325/ |
|
[debian-lts-announce] 20230210 [SECURITY] [DLA 3315-1] sox security update |