PT-2019-2905 · Sox+2 · Sox+2

Hendra Gunadi

Publicado

2019-02-15

Atualizado

2025-01-10

CVE-2019-8356

CVSS v2.0

7.1

Alta

Vetor

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions SoX version 14.4.2

Description The issue is related to the bitrv2 function in the fft4g.c file of the SoX audio editor, which is associated with a buffer overflow in memory. This can be exploited by a remote attacker to cause a denial of service. The problem arises because one of the arguments to the bitrv2 function is not properly guarded, leading to a stack-based buffer overflow, where write access can occur outside of the statically declared array.

Recommendations For SoX version 14.4.2, consider disabling the bitrv2 function in fft4g.c as a temporary workaround until a patch is available. Restrict access to the fft4g.c module to minimize the risk of exploitation. Avoid using the affected argument in the bitrv2 function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Validation of Array Index

Memory Corruption

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-129CWE-787CWE-119

Identificadores relacionados

ALT-PU-2024-6289

ALT-PU-2024-6378

ALT-PU-2024-6855

ALT-PU-2024-6966

BDU:2019-02874

CVE-2019-8356

DLA-1808-1

MGASA-2020-0045

OESA-2025-1020

USN-4079-1

USN-4079-2

Produtos afetados

Alt Linux

Sox

Ubuntu

PT-2019-2905 · Sox+2 · Sox+2

CVE-2019-8356

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 33