Описание
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 14.4.2-3ubuntu0.18.04.1 |
| cosmic | ignored | end of life |
| devel | released | 14.4.2+git20190427-1 |
| disco | released | 14.4.2-3ubuntu0.19.04.1 |
| eoan | released | 14.4.2+git20190427-1 |
| esm-apps/bionic | released | 14.4.2-3ubuntu0.18.04.1 |
| esm-apps/focal | released | 14.4.2+git20190427-1 |
| esm-apps/jammy | released | 14.4.2+git20190427-1 |
| esm-apps/xenial | released | 14.4.1-5+deb8u4ubuntu0.1 |
| esm-infra-legacy/trusty | released | 14.4.1-3ubuntu1.1+esm1 |
Показывать по
4.3 Medium
CVSS2
5 Medium
CVSS3
Связанные уязвимости
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow.
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow.
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c ...
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow.
Уязвимость функции lsx_make_lpf (effect_i_dsp.c) аудиоредактора Sound eXchange, позволяющая нарушителю вызвать отказ в обслуживании
4.3 Medium
CVSS2
5 Medium
CVSS3