CVE-2019-8356

EUVD-2019-17746
An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
sound_exchange_projectsound_exchange
14.4.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
sox
bookworm
14.4.2+git20190427-3.5
fixed
bullseye
14.4.2+git20190427-2+deb11u2
fixed
bullseye (security)
14.4.2+git20190427-2+deb11u2
fixed
sid
14.4.2+git20190427-5
fixed
trixie
14.4.2+git20190427-5
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
sox
bionic
Fixed 14.4.2-3ubuntu0.18.04.1
released
cosmic
ignored
disco
Fixed 14.4.2-3ubuntu0.19.04.1
released
eoan
Fixed 14.4.2+git20190427-1
released
focal
Fixed 14.4.2+git20190427-1
released
groovy
Fixed 14.4.2+git20190427-1
released
hirsute
Fixed 14.4.2+git20190427-1
released
impish
Fixed 14.4.2+git20190427-1
released
jammy
Fixed 14.4.2+git20190427-1
released
trusty
Fixed 14.4.1-3ubuntu1.1+esm1
released
xenial
Fixed 14.4.1-5+deb8u4ubuntu0.1
released
Common Weakness Enumeration
References
https://lists.debian.org/debian-lts-announce/2019/05/msg00040.html
https://sourceforge.net/p/sox/bugs/321
https://usn.ubuntu.com/4079-1/
https://usn.ubuntu.com/4079-2/
https://lists.debian.org/debian-lts-announce/2019/05/msg00040.html
https://sourceforge.net/p/sox/bugs/321
https://usn.ubuntu.com/4079-1/
https://usn.ubuntu.com/4079-2/