CVE-2019-8355: Integer Overflow or Wraparound in Exchange Project Sound Exchange

Severity
5.5 MEDIUM (NVD)
OSV: 5.0
EPSS: 0.5% (top 33.55%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 15
Latest update: May 13

Description

An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c.
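
The arithmetic behind the flaw described above, as an added example (not SoX's code and not taken from the advisory): an element count multiplied by an element size wraps around before it reaches malloc, shown next to an allocator that refuses such a request. The helper names, the 16-byte element size and the element count are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked pattern: the product is reduced modulo SIZE_MAX + 1 before the
 * allocator sees it. Returns the byte count that would be requested. */
static size_t unchecked_bytes(size_t n, size_t elem_size) {
    return n * elem_size;
}

/* Checked multiply: 0 on success with the product in *out, -1 if it would wrap. */
static int checked_bytes(size_t n, size_t elem_size, size_t *out) {
    if (elem_size != 0 && n > SIZE_MAX / elem_size)
        return -1;
    *out = n * elem_size;
    return 0;
}

/* Hypothetical hardened array allocator: refuses counts whose size wraps. */
static void *alloc_array(size_t n, size_t elem_size) {
    size_t bytes;
    if (checked_bytes(n, elem_size, &bytes) != 0)
        return NULL;
    return malloc(bytes ? bytes : 1);
}

/* Constructed element count just past the point where n * elem_size wraps. */
static size_t wrapping_count(size_t elem_size) {
    return SIZE_MAX / elem_size + 2;
}

int main(void) {
    size_t es = 16;                 /* constructed element size in bytes */
    size_t n = wrapping_count(es);  /* constructed element count */

    printf("elements requested:      %zu\n", n);
    printf("unchecked bytes to malloc: %zu\n", unchecked_bytes(n, es));

    void *p = alloc_array(n, es);
    printf("checked allocator:       %s\n", p ? "allocated" : "refused");
    free(p);
    return 0;
}
```

Code that later indexes the buffer by the original element count writes past the undersized allocation; rejecting the request at the multiply removes that condition.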

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages: 1 package

Vulnerability Details (5)

GHSA: GHSA-6fj7-6wcf-937v: An issue was discovered in SoX 14 (2022-05-13)
OSV: sox vulnerabilities (2019-08-01)
OSV: sox vulnerabilities (2019-07-30)
OSV: CVE-2019-8355: An issue was discovered in SoX 14 (2019-02-15)
CVEList: CVE-2019-8355: An issue was discovered in SoX 14 (2019-02-15)

Vendor Advisories (4)

Ubuntu: SoX vulnerabilities (2019-08-01)
Ubuntu: SoX vulnerabilities (2019-07-30)
Red Hat: sox: integer overflow in xmalloc.h (2019-02-07)
Debian: CVE-2019-8355: sox - An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflo... (2019)

Community (2)

Bugzilla: CVE-2019-8355 sox: integer overflow in xmalloc.h [fedora-all] (2019-02-18)
Bugzilla: CVE-2019-8355 sox: integer overflow in xmalloc.h (2019-02-18)