Unrated severityNVD Advisory· Published Jul 14, 2019· Updated Aug 4, 2024

CVE-2019-13590

Description

An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c.

Affected products

SoX/SoXdescription
osv-coords5 versions
pkg:rpm/opensuse/sox&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/sox&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/sox&distro=openSUSE%20Tumbleweed pkg:rpm/suse/sox&distro=SUSE%20Package%20Hub%2015%20SP4 pkg:rpm/suse/sox&distro=SUSE%20Package%20Hub%2015%20SP5
< 14.4.2-bp154.2.3.1+ 4 more
- (no CPE)range: < 14.4.2-bp154.2.3.1
- (no CPE)range: < 14.4.2-bp155.3.3.1
- (no CPE)range: < 14.4.2-8.1
- (no CPE)range: < 14.4.2-bp154.2.3.1
- (no CPE)range: < 14.4.2-bp155.3.3.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.debian.org/debian-lts-announce/2023/02/msg00009.htmlmitremailing-list
sourceforge.net/p/sox/bugs/325/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000