CVE-2019-8354

Опубликовано: 15 фев. 2019

Источник: nvd

CVSS3: 5

CVSS2: 4.3

EPSS Низкий

Описание

An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow.

Ссылки

https://lists.debian.org/debian-lts-announce/2019/05/msg00040.html
Mailing List
Third Party Advisory
https://sourceforge.net/p/sox/bugs/319
Issue Tracking
Third Party Advisory
https://usn.ubuntu.com/4079-1/
Third Party Advisory
https://usn.ubuntu.com/4079-2/
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/05/msg00040.html
Mailing List
Third Party Advisory
https://sourceforge.net/p/sox/bugs/319
Issue Tracking
Third Party Advisory
https://usn.ubuntu.com/4079-1/
Third Party Advisory
https://usn.ubuntu.com/4079-2/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sound_exchange_project:sound_exchange:14.4.2:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.00494

Низкий

5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

CVE-2019-8354

CVSS3: 5

ubuntu

почти 7 лет назад

CVE-2019-8354

CVSS3: 5.9

redhat

около 7 лет назад

CVE-2019-8354

CVSS3: 5

debian

почти 7 лет назад

An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c ...

GHSA-7j68-5pq5-623j

CVSS3: 5

github

больше 3 лет назад

BDU:2019-02872

CVSS3: 5

fstec

почти 7 лет назад

Уязвимость функции lsx_make_lpf (effect_i_dsp.c) аудиоредактора Sound eXchange, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 65%

0.00494

Низкий

5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-190