Bug 1730577 (CVE-2019-1010004)
Summary: | CVE-2019-1010004 sox: OOB read in function read_samples in xa.c:219 causing denial of service | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | felix, hhorak, hobbes1069, jkucera, tsmetana |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
An out-of-bounds read vulnerability was found in sox, due to insufficient validation of input data. An attacker could abuse this flaw by crafting a sound file that can cause the system to crash when read by sox or by an application using the sox library.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-10-27 10:55:23 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1730578, 1744380 | ||
Bug Blocks: | 1730579 |
Description
Dhananjay Arunesh
2019-07-17 07:32:03 UTC
Created sox tracking bugs for this issue: Affects: fedora-all [bug 1730578] Statement: This issue is only a security vulnerability for applications linking against libsox, that may be caused to crash prematurely or even, under special circumstances, disclose sensitive memory contents. Attacks against the sox binaries do not constitute a security threat since these are all short-run programs that do not hold sensitive data in memory. |