exploitDog

CVE-2019-13590

Published: 06 Aug 2019
Source: redhat
CVSS3: 3.3
EPSS: Low

Description

An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c.
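The bug pattern the description gives, as an added example that is not SoX's code: on a 32-bit build a header-supplied length plus a fixed overhead wraps to 0, the calloc result is used unchecked, and the hardened variant rejects the wrap before allocating and treats a NULL return as a read error. `HEADER_OVERHEAD`, `read_le32`, `unchecked_buffer_size` and `safe_alloc_read_buffer` are illustrative names, and the header bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Illustrative constant and function names; not taken from SoX. */
#define HEADER_OVERHEAD ((uint32_t)4)
/* Read a little-endian 32-bit length field from a (constructed) header. */
static uint32_t read_le32(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable pattern from the CVE description: the 32-bit sum wraps, so the
   allocator is asked for 0 bytes and its result is used without a NULL check. */
static uint32_t unchecked_buffer_size(uint32_t declared_len) {
    return declared_len + HEADER_OVERHEAD;   /* 0xFFFFFFFC + 4 wraps to 0 */
}

/* Hardened version: reject the header if the addition would wrap, bound the size,
   and treat a NULL allocation as a read error instead of dereferencing it.
   Returns 0 on success, -1 on wraparound, -2 on oversize, -3 on allocation failure. */
static int safe_alloc_read_buffer(uint32_t declared_len, uint32_t max_len,
                                  unsigned char **out, size_t *out_len) {
    uint32_t total;
    *out = NULL; *out_len = 0;
    if (__builtin_add_overflow(declared_len, HEADER_OVERHEAD, &total))
        return -1;                 /* wraparound detected before any allocation */
    if (total > max_len)
        return -2;                 /* sanity bound on what a header may claim */
    unsigned char *buf = calloc(total, 1);
    if (buf == NULL)
        return -3;                 /* the check the vulnerable path lacked */
    *out = buf; *out_len = total;
    return 0;
}

int main(void) {
    /* Constructed headers: length field 0xFFFFFFFC (wraps) and 12 (sane). */
    const unsigned char bad_hdr[4]  = {0xFC, 0xFF, 0xFF, 0xFF};
    const unsigned char good_hdr[4] = {0x0C, 0x00, 0x00, 0x00};
    unsigned char *buf; size_t len;
    printf("unchecked size for bad header: %u\n",
           (unsigned)unchecked_buffer_size(read_le32(bad_hdr)));
    printf("hardened result for bad header: %d\n",
           safe_alloc_read_buffer(read_le32(bad_hdr), 1u << 20, &buf, &len));
    if (safe_alloc_read_buffer(read_le32(good_hdr), 1u << 20, &buf, &len) == 0) {
        printf("hardened result for good header: %zu bytes allocated\n", len);
        free(buf);
    }
    return 0;
}
```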

Report

This is only an issue when using the 32bit version of the library.

Affected packages

Platform | Package | State | Recommendation | Release
Red Hat Enterprise Linux 5 | sox | Not affected | |
Red Hat Enterprise Linux 6 | sox | Out of support scope | |
Red Hat Enterprise Linux 7 | sox | Fix deferred | |


Additional information

Status: Low
Defect: CWE-190 -> CWE-476
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1737764
sox: integer overflow in libsox.a leading to a NULL pointer dereference

EPSS: 0.00237 (percentile 47%, Low)

CVSS3: 3.3 (Low)

Related vulnerabilities

ubuntu, CVSS3: 5.5, more than 6 years ago: description identical to the one above.
nvd, CVSS3: 5.5, more than 6 years ago: description identical to the one above.
debian, CVSS3: 5.5, more than 6 years ago: description identical to the one above (truncated on the page).
github, CVSS3: 5.5, more than 3 years ago: description identical to the one above.
fstec, CVSS3: 7.5, more than 6 years ago: Vulnerability in the startread function of the libsox.a library of the Sound eXchange (SoX) audio editor, allowing an attacker to cause a denial of service.
