CVE-2019-8356

Name of the Vulnerable Software and Affected Versions SoX version 14.4.2

Description The issue is related to the bitrv2 function in the fft4g.c file of the SoX audio editor, which is associated with a buffer overflow in memory. This can be exploited by a remote attacker to cause a denial of service. The problem arises because one of the arguments to the bitrv2 function is not properly guarded, leading to a stack-based buffer overflow, where write access can occur outside of the statically declared array.

Recommendations For SoX version 14.4.2, consider disabling the bitrv2 function in fft4g.c as a temporary workaround until a patch is available. Restrict access to the fft4g.c module to minimize the risk of exploitation. Avoid using the affected argument in the bitrv2 function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.