Bug 1730577 (CVE-2019-1010004) - CVE-2019-1010004 sox: OOB read in function read_samples in xa.c:219 causing denial of service
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-1010004
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1730578 1744380
Blocks: 1730579
Reported: 2019-07-17 07:32 UTC by Dhananjay Arunesh
Modified: 2021-10-27 10:55 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
An out-of-bounds read vulnerability was found in sox, due to insufficient validation of input data. An attacker could abuse this flaw by crafting a sound file that can cause the system to crash when read by sox or by an application using the sox library.
Clone Of:
Environment:
Last Closed: 2021-10-27 10:55:23 UTC
Embargoed:



Description Dhananjay Arunesh 2019-07-17 07:32:03 UTC
A vulnerability was discovered in SoX - Sound eXchange. Version 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open a specially crafted .xa file.

Reference:
https://sourceforge.net/p/sox/bugs/299/
https://sourceforge.net/p/sox/code/ci/master/tree/src/xa.c#l219

Comment 1 Dhananjay Arunesh 2019-07-17 07:32:24 UTC
Created sox tracking bugs for this issue:

Affects: fedora-all [bug 1730578]

Comment 2 Doran Moppert 2019-08-22 02:20:46 UTC
Statement:

This issue is only a security vulnerability for applications linking against libsox, which may be caused to crash prematurely or even, under special circumstances, disclose sensitive memory contents. Attacks against the sox binaries do not constitute a security threat since these are all short-run programs that do not hold sensitive data in memory.

