Skip to content

GitLab

  • Menu
Projects Groups Snippets
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • Adélie Package Tree Adélie Package Tree
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 309
    • Issues 309
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 21
    • Merge requests 21
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Releases
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • Adélie Linux
  • Adélie Package TreeAdélie Package Tree
  • Issues
  • #166

Closed
Open
Created Jul 31, 2019 by Emily@emily🤖

user/sox: multiple vulnerabilities

Bugzilla ID 166
Alias(es) CVE-2017-11332, CVE-2017-11358, CVE-2017-11359, CVE-2017-15370, CVE-2017-15371, CVE-2017-15372, CVE-2017-15642, CVE-2017-18189, CVE-2019-1010004, CVE-2019-13590, CVE-2019-8354, CVE-2019-8355, CVE-2019-8356, CVE-2019-8357
Reporter Max Rees (sroracle)
Assignee Max Rees (sroracle)
Reported 2019-07-31 11:06:44 -0500
Modified 2020-03-29 02:24:40 -0500
Status RESOLVED FIXED
Version 1.0-BETA3
Hardware Adélie Linux / All
Importance --- / normal

Description

CVE-2017-11332: https://nvd.nist.gov/vuln/detail/CVE-2017-11332

The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows
remote attackers to cause a denial of service (divide-by-zero error
and application crash) via a crafted wav file.

CVE-2017-11358: https://nvd.nist.gov/vuln/detail/CVE-2017-11358

The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2
allows remote attackers to cause a denial of service (invalid memory
read and application crash) via a crafted hcom file.

CVE-2017-11359: https://nvd.nist.gov/vuln/detail/CVE-2017-11359

The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2
allows remote attackers to cause a denial of service (divide-by-zero
error and application crash) via a crafted snd file, during conversion
to a wav file.

CVE-2017-15370: https://nvd.nist.gov/vuln/detail/CVE-2017-15370

There is a heap-based buffer overflow in the ImaExpandS function of
ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to
a denial of service attack during conversion of an audio file.

CVE-2017-15371: https://nvd.nist.gov/vuln/detail/CVE-2017-15371

There is a reachable assertion abort in the function
sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A
Crafted input will lead to a denial of service attack during
conversion of an audio file.

CVE-2017-15372: https://nvd.nist.gov/vuln/detail/CVE-2017-15372

There is a stack-based buffer overflow in the
lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange
(SoX) 14.4.2. A Crafted input will lead to a denial of service attack
during conversion of an audio file.

CVE-2017-15642: https://nvd.nist.gov/vuln/detail/CVE-2017-15642

In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there
is a Use-After-Free vulnerability triggered by supplying a malformed
AIFF file.

CVE-2017-18189: https://nvd.nist.gov/vuln/detail/CVE-2017-18189

In the startread function in xa.c in Sound eXchange (SoX) through
14.4.2, a corrupt header specifying zero channels triggers an infinite
loop with a resultant NULL pointer dereference, which may allow a
remote attacker to cause a denial-of-service.

CVE-2019-1010004: https://nvd.nist.gov/vuln/detail/CVE-2019-1010004

SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds
Read. The impact is: Denial of Service. The component is: read_samples
function at xa.c:219. The attack vector is: Victim must open specially
crafted .xa file. NOTE: this may overlap CVE-2017-18189.

CVE-2019-8354: https://nvd.nist.gov/vuln/detail/CVE-2019-8354

An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c
has an integer overflow on the result of multiplication fed into
malloc. When the buffer is allocated, it is smaller than expected,
leading to a heap-based buffer overflow.

CVE-2019-8355: https://nvd.nist.gov/vuln/detail/CVE-2019-8355

An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an
integer overflow on the result of multiplication fed into the
lsx_valloc macro that wraps malloc. When the buffer is allocated, it
is smaller than expected, leading to a heap-based buffer overflow in
channels_start in remix.c.

CVE-2019-8356: https://nvd.nist.gov/vuln/detail/CVE-2019-8356

An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2
in fft4g.c is not guarded, such that it can lead to write access
outside of the statically declared array, aka a stack-based buffer
overflow.

CVE-2019-8357: https://nvd.nist.gov/vuln/detail/CVE-2019-8357

An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c
allows a NULL pointer dereference.

CVE-2019-13590: https://nvd.nist.gov/vuln/detail/CVE-2019-13590

An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h
(startread function), there is an integer overflow on the result of
integer addition (wraparound to 0) fed into the lsx_calloc macro that
wraps malloc. When a NULL pointer is returned, it is used without a
prior check that it is a valid pointer, leading to a NULL pointer
dereference on lsx_readbuf in formats_i.c.

Assignee
Assign to
Time tracking