CVE-2019-1010004
Description
SoX 14.4.2 and earlier has an out-of-bounds read in xa.c's read_samples function, allowing denial of service via crafted .xa files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In SoX versions 14.4.2 and earlier, the read_samples function in xa.c at line 219 contains an out-of-bounds read vulnerability. The function reads from xa->buf[i] without proper bounds checking relative to the buffer size. This can occur when processing a specially crafted Maxis (.xa) audio file. The issue is referenced in the source code [1] and confirmed by a bug report [2].
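The bug class described above, as an added illustration that is not SoX's xa.c: a decode-buffer read indexed by an untrusted, file-derived count, shown next to a hardened read that validates the index against the buffer length. The names xa_ctx, xa_read_sample_unchecked, xa_read_sample_checked, xa_decode_checked and the sample data are all constructed for this example.

```c
/* Constructed model of the CVE's bug class; not SoX source. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define XA_BUF_LEN 16  /* constructed decode buffer size for the demo */

typedef struct {
    uint8_t buf[XA_BUF_LEN];  /* decode buffer, standing in for xa->buf */
    size_t  buf_len;          /* number of bytes actually read into buf */
} xa_ctx;

/* The pattern the advisory describes: index used as-is, no bounds check.
 * Reads past buf when i >= buf_len; kept only to contrast with the fix. */
uint8_t xa_read_sample_unchecked(const xa_ctx *xa, size_t i) {
    return xa->buf[i];
}

/* Hardened read: refuse any index outside the valid part of the buffer. */
int xa_read_sample_checked(const xa_ctx *xa, size_t i, uint8_t *out) {
    if (xa == NULL || out == NULL || xa->buf_len > XA_BUF_LEN || i >= xa->buf_len)
        return 0;          /* out of range: reject instead of reading past buf */
    *out = xa->buf[i];
    return 1;
}

/* Decoder loop driven by a sample count taken from the file header.
 * Stops at the first out-of-range index; returns how many samples it accepted. */
size_t xa_decode_checked(const xa_ctx *xa, size_t n_claimed, uint8_t *dst, size_t dst_len) {
    size_t accepted = 0;
    for (size_t i = 0; i < n_claimed && i < dst_len; i++) {
        if (!xa_read_sample_checked(xa, i, &dst[i]))
            break;         /* header claimed more samples than buf holds */
        accepted++;
    }
    return accepted;
}

/* Constructed input: only 8 bytes were read, but the header claims 40. */
size_t xa_demo(void) {
    xa_ctx xa;
    uint8_t out[64];
    memset(&xa, 0, sizeof xa);
    xa.buf_len = 8;
    for (size_t i = 0; i < xa.buf_len; i++) xa.buf[i] = (uint8_t)(i * 3);
    return xa_decode_checked(&xa, 40, out, sizeof out);  /* returns 8, not 40 */
}

/* Probe helper: does a checked read of index i succeed for a buffer of buf_len bytes? */
int xa_probe(size_t buf_len, size_t i) {
    xa_ctx xa;
    uint8_t v;
    memset(&xa, 0, sizeof xa);
    xa.buf_len = buf_len;
    return xa_read_sample_checked(&xa, i, &v);
}
```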
Exploitation
An attacker must trick a victim into opening a specially crafted .xa file using SoX. The crafted file causes read_samples to access memory outside the allocated buffer, leading to a segmentation fault. The PoC provided in the bug report [2] demonstrates the exact bytes that trigger the crash (hex dump). No authentication or special privileges are required beyond normal file access.
Impact
Successful exploitation results in a denial of service (DoS) due to a segmentation fault, causing SoX to crash. The out-of-bounds read may also potentially lead to information disclosure, but the primary impact is DoS. The vulnerability affects all versions up to and including 14.4.2.
Mitigation
As of the publication date (2019-07-15), no official patch has been released. Users are advised to handle untrusted .xa files with caution and consider using alternative software. Note that this may overlap with CVE-2017-18189. No workaround is provided in the references.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Sourceforge / SoX - Sound eXchange: range <= 14.4.2
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics are only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- sourceforge.net/p/sox/bugs/299/ (MITRE refsource: MISC)
- sourceforge.net/p/sox/code/ci/master/tree/src/xa.c (MITRE refsource: MISC)
News mentions
No linked articles in our index yet.