exploitDog

CVE-2019-1010004

Published: 14 Jul 2019
Source: redhat
CVSS3: 3.3
EPSS: Low

Description

SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189.

An out-of-bounds read vulnerability was found in sox, due to insufficient validation of input data. An attacker could abuse this flaw by crafting a sound file that can cause the system to crash when read by sox or by an application using the sox library.

Report

This issue is only a security vulnerability for applications linking against libsox, that may be caused to crash prematurely or even, under special circumstances, disclose sensitive memory contents. Attacks against the sox binaries do not constitute a security threat since these are all short-run programs that do not hold sensitive data in memory.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | sox | Out of support scope | | |
| Red Hat Enterprise Linux 6 | sox | Out of support scope | | |
| Red Hat Enterprise Linux 7 | sox | Fix deferred | | |

Additional information

Status: Low
Defect: CWE-125->CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1730577 sox: OOB read in function read_samples in xa.c:219 causing denial of service

EPSS: 0.00432 (Low), percentile: 62%

CVSS3: 3.3 Low

Related vulnerabilities

CVSS3: 5.5
ubuntu
more than 6 years ago

SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189.

CVSS3: 5.5
nvd
more than 6 years ago

SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189.

CVSS3: 5.5
debian
more than 6 years ago

SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds ...

github
more than 3 years ago

SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189.
