CVE-2019-8357 in Ubuntu

CVE-2019-8357

Priority

Description

An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c
allows a NULL pointer dereference.

Ubuntu-Description

It was discovered that SoX incorrectly handled certain MP3 files. An attacker
could possibly use this issue to cause a denial of service. (CVE-2019-8354,
CVE-2019-8355, CVE-2019-8356, CVE-2019-8357)

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8357
https://sourceforge.net/p/sox/bugs/318
https://ubuntu.com/security/notices/USN-4079-1
https://ubuntu.com/security/notices/USN-4079-2

Notes

Package

Source: sox (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	released (14.4.2-3ubuntu0.18.04.1)
Ubuntu 20.04 LTS:	released (14.4.2+git20190427-1)
Ubuntu 21.10:	released (14.4.2+git20190427-1)
Ubuntu 22.04 LTS:	released (14.4.2+git20190427-1)
Ubuntu 14.04 ESM:	needed

Patches:

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2022-04-25 00:44:36 UTC (commit ecc1009cb19540b950de59270950018900f37f15)