CVE-2019-8357

Priority
Description
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c
allows a NULL pointer dereference.
Notes
 It was discovered that SoX incorrectly handled certain MP3 files. An attacker
 could possibly use this issue to cause a denial of service. (CVE-2019-8354,
 CVE-2019-8355, CVE-2019-8356, CVE-2019-8357)
Package
Source: sox (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):released (14.4.1-5+deb8u4ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (14.4.2-3ubuntu0.18.04.1)
Ubuntu 19.04 (Disco Dingo):released (14.4.2-3ubuntu0.19.04.1)
Ubuntu 19.10 (Eoan):released (14.4.2+git20190427-1)
More Information

Updated: 2019-08-16 15:14:28 UTC (commit 5361c67d07aa5974ee5576195f5ae50712d72c5c)