CVE-2019-8356

Priority
Description
An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in
fft4g.c is not guarded, such that it can lead to write access outside of
the statically declared array, aka a stack-based buffer overflow.
Ubuntu-Description
It was discovered that SoX incorrectly handled certain MP3 files. An attacker
could possibly use this issue to cause a denial of service. (CVE-2019-8354,
CVE-2019-8355, CVE-2019-8356, CVE-2019-8357)
Package
Source: sox (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): needs-triage
Ubuntu 16.04 LTS (Xenial Xerus): released (14.4.1-5+deb8u4ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver): released (14.4.2-3ubuntu0.18.04.1)
Ubuntu 19.04 (Disco Dingo): released (14.4.2-3ubuntu0.19.04.1)
Ubuntu 19.10 (Eoan): released (14.4.2+git20190427-1)
More Information

Updated: 2019-08-16 15:14:26 UTC (commit 5361c67d07aa5974ee5576195f5ae50712d72c5c)