CVE-2019-8356

Name: CVE-2019-8356
Description: An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow.
NVD Severity: medium

References

| Type | URI |
|---|---|
| Exploit | https://sourceforge.net/p/sox/bugs/321 |
| MLIST | https://lists.debian.org/debian-lts-announce/2019/05/msg00040.html |
| UBUNTU | https://usn.ubuntu.com/4079-1/ |
| UBUNTU | https://usn.ubuntu.com/4079-2/ |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| cpe:2.3:a:sound_exchange_project:sound_exchange:14.4.2:*:*:*:*:*:*:* | sound_exchange | == None | == 14.4.2 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|
| sox | edge-community | 14.4.2-r5 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| sox | 3.22-community | 14.4.2-r5 | None | fixed |
| sox | 3.21-community | 14.4.2-r5 | None | fixed |
| sox | 3.20-community | 14.4.2-r5 | None | fixed |
| sox | 3.19-community | 14.4.2-r5 | None | fixed |
| sox | 3.18-community | 14.4.2-r5 | None | fixed |
| sox | 3.17-community | 14.4.2-r5 | None | fixed |