First published: Fri Feb 15 2019(Updated: )
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sound Exchange Project Sound Exchange | =14.4.2 | |
debian/sox | 14.4.2+git20190427-2+deb11u2 14.4.2+git20190427-3.5 14.4.2+git20190427-5 | |
=14.4.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-8357 is a vulnerability found in SoX 14.4.2 that allows a NULL pointer dereference.
The severity of CVE-2019-8357 is medium with a severity value of 5.5.
CVE-2019-8357 impacts SoX by allowing a NULL pointer dereference, which can lead to a denial-of-service condition or possibly remote code execution.
To fix the CVE-2019-8357 vulnerability in SoX, update to version 14.4.2 or later.
More information about CVE-2019-8357 can be found at the following links: [CVE-2019-8357](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8357), [SoX Bug Report](https://sourceforge.net/p/sox/bugs/318), [Ubuntu Security Notice](https://ubuntu.com/security/notices/USN-4079-1).