CVE-2019-8356
Summary
| CVE | CVE-2019-8356 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-02-15 23:29:00 UTC |
| Updated | 2020-08-24 17:37:00 UTC |
| Description | An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow. |
Risk And Classification
Problem Types: CWE-787 | CWE-129
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sound Exchange Project | Sound Exchange | 14.4.2 | All | All | All |
| Application | Sound Exchange Project | Sound Exchange | 14.4.2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] [DLA 1808-1] sox security update | MLIST | lists.debian.org | |
| USN-4079-2: SoX vulnerabilities | Ubuntu security notices | Ubuntu | UBUNTU | usn.ubuntu.com | |
| USN-4079-1: SoX vulnerabilities | Ubuntu security notices | Ubuntu | UBUNTU | usn.ubuntu.com | |
| SoX - Sound eXchange / Bugs / #321 Stack-Buffer-Overflow in fft4g.c | MISC | sourceforge.net | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.