CVE-2019-1010004 — Out-of-bounds Read in Exchange Project Sound Exchange

CWE-125 — Out-of-bounds Read CWE-400 — Uncontrolled Resource Consumption8 documents7 sources

Severity

5.5MEDIUMNVD

CNA7.5OSV7.5

EPSS

0.5%

top 35.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sound Exchange Project Sound Exchange Sourceforge SOX Sound Exchange

Timeline

PublishedJul 15

Latest updateMay 24

Description

SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDsound_exchange_project/sound_exchange14.4.2

▶CVEListV5sourceforge/sox_sound_exchange≤ 14.4.2

🔴Vulnerability Details

GHSA

GHSA-4xr6-8qpq-x858: SoX - Sound eXchange 14↗2022-05-24

▶

OSV

CVE-2019-1010004: SoX - Sound eXchange 14↗2019-07-15

▶

CVEList

CVE-2019-1010004: SoX - Sound eXchange 14↗2019-07-15

▶

📋Vendor Advisories

Red Hat

sox: OOB read in function read_samples in xa.c:219 causing denial of service↗2019-07-14

▶

Debian

CVE-2019-1010004: sox - SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The ...↗2019

▶

💬Community

Bugzilla

CVE-2019-1010004 sox: OOB read in function read_samples in xa.c:219 causing denial of service [fedora-all]↗2019-07-17

▶

Bugzilla

CVE-2019-1010004 sox: OOB read in function read_samples in xa.c:219 causing denial of service↗2019-07-17

▶