First published: Fri Feb 15 2019
An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sound Exchange Project Sound Exchange | =14.4.2 | |
debian/sox | 14.4.2+git20190427-2+deb11u2, 14.4.2+git20190427-3.5, 14.4.2+git20190427-5 | |
CVE-2019-8356 is a vulnerability in SoX 14.4.2 that can lead to a stack-based buffer overflow.
CVE-2019-8356 has a severity rating of 5.5, which is considered medium.
The affected software is SoX 14.4.2 and potentially other versions.
To fix CVE-2019-8356, update SoX to version 14.4.2 or higher.
More information on CVE-2019-8356 can be found at the following links: [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8356), [SourceForge](https://sourceforge.net/p/sox/bugs/321), [Ubuntu Security Notice](https://ubuntu.com/security/notices/USN-4079-1).