Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-13590

Опубликовано: 14 июл. 2019
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.3
CVSS3: 5.5

Описание

An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c.

РелизСтатусПримечание
bionic

released

14.4.2-3ubuntu0.18.04.2
cosmic

ignored

end of life
devel

not-affected

14.4.2+git20190427-2
disco

ignored

end of life
eoan

ignored

end of life
esm-apps/bionic

released

14.4.2-3ubuntu0.18.04.2
esm-apps/focal

not-affected

14.4.2+git20190427-2
esm-apps/jammy

not-affected

14.4.2+git20190427-2
esm-apps/xenial

released

14.4.1-5+deb8u4ubuntu0.1+esm1
esm-infra-legacy/trusty

released

14.4.1-3ubuntu1.1+esm2

Показывать по

Ссылки на источники

EPSS

Процентиль: 47%
0.00237
Низкий

4.3 Medium

CVSS2

5.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2019-13590

CVSS3: 3.3
redhat
больше 6 лет назад

An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c.

nvd логотип

CVE-2019-13590

CVSS3: 5.5
nvd
больше 6 лет назад

An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c.

debian логотип

CVE-2019-13590

CVSS3: 5.5
debian
больше 6 лет назад

An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (start ...

github логотип

GHSA-x9xw-c3gx-4f2m

CVSS3: 5.5
github
больше 3 лет назад

An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c.

fstec логотип

BDU:2019-02928

CVSS3: 7.5
fstec
больше 6 лет назад

Уязвимость функции startread библиотеки libsox.a аудиоредактора Sound eXchange (SoX), позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 47%
0.00237
Низкий

4.3 Medium

CVSS2

5.5 Medium

CVSS3