Medium severity5.5NVD Advisory· Published Jul 14, 2019· Updated Jun 17, 2026
CVE-2019-13590
CVE-2019-13590
Description
An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7- SoX/SoXdescription
- osv-coords5 versionspkg:rpm/opensuse/sox&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/sox&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/sox&distro=openSUSE%20Tumbleweedpkg:rpm/suse/sox&distro=SUSE%20Package%20Hub%2015%20SP4pkg:rpm/suse/sox&distro=SUSE%20Package%20Hub%2015%20SP5
< 14.4.2-bp154.2.3.1+ 4 more
- (no CPE)range: < 14.4.2-bp154.2.3.1
- (no CPE)range: < 14.4.2-bp155.3.3.1
- (no CPE)range: < 14.4.2-8.1
- (no CPE)range: < 14.4.2-bp154.2.3.1
- (no CPE)range: < 14.4.2-bp155.3.3.1
Patches
Vulnerability mechanics
References
2- sourceforge.net/p/sox/bugs/325/nvdExploitThird Party Advisory
- lists.debian.org/debian-lts-announce/2023/02/msg00009.htmlnvd
News mentions
0No linked articles in our index yet.