CVE-2019-8356

An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow.

Published: Feb 16, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-8356
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

CWEs:

CWE-787
CWE-129

Affected Software
References

Software	From	Fixed in
sound_exchange_project / sound_exchange	14.4.2	14.4.2.x

https://lists.debian.org/debian-lts-announce/2019/05/msg00040.html
https://sourceforge.net/p/sox/bugs/321
https://usn.ubuntu.com/4079-1/
https://usn.ubuntu.com/4079-2/

Vulnerability Database

289,697

CVE-2019-8356