CVE-2019-13590

Published: Jul 14, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://sourceforge.net/p/sox/bugs/325/

[debian-lts-announce] 20230210 [SECURITY] [DLA 3315-1] sox security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-13590

Description

Affected Products

References