UBUNTU-CVE-2019-8355
- Source
- https://ubuntu.com/security/CVE-2019-8355
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-8355.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2019-8355
- Related
- Published
- 2019-02-15T00:00:00Z
- Modified
- 2025-01-13T10:21:54Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsxvalloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channelsstart in remix.c.
- References
Affected packages
Ubuntu:Pro:14.04:LTS / sox
Package
- Name
- sox
- Purl
- pkg:deb/ubuntu/sox@14.4.1-3ubuntu1.1+esm1?arch=source&distro=trusty/esm
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed14.4.1-3ubuntu1.1+esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "14.4.1-3ubuntu1.1+esm1",
"binary_name": "libsox-dev"
},
{
"binary_version": "14.4.1-3ubuntu1.1+esm1",
"binary_name": "libsox-fmt-all"
},
{
"binary_version": "14.4.1-3ubuntu1.1+esm1",
"binary_name": "libsox-fmt-alsa"
},
{
"binary_version": "14.4.1-3ubuntu1.1+esm1",
"binary_name": "libsox-fmt-alsa-dbgsym"
},
{
"binary_version": "14.4.1-3ubuntu1.1+esm1",
"binary_name": "libsox-fmt-ao"
},
{
"binary_version": "14.4.1-3ubuntu1.1+esm1",
"binary_name": "libsox-fmt-ao-dbgsym"
},
{
"binary_version": "14.4.1-3ubuntu1.1+esm1",
"binary_name": "libsox-fmt-base"
},
{
"binary_version": "14.4.1-3ubuntu1.1+esm1",
"binary_name": "libsox-fmt-base-dbgsym"
},
{
"binary_version": "14.4.1-3ubuntu1.1+esm1",
"binary_name": "libsox-fmt-mp3"
},
{
"binary_version": "14.4.1-3ubuntu1.1+esm1",
"binary_name": "libsox-fmt-mp3-dbgsym"
},
{
"binary_version": "14.4.1-3ubuntu1.1+esm1",
"binary_name": "libsox-fmt-oss"
},
{
"binary_version": "14.4.1-3ubuntu1.1+esm1",
"binary_name": "libsox-fmt-oss-dbgsym"
},
{
"binary_version": "14.4.1-3ubuntu1.1+esm1",
"binary_name": "libsox-fmt-pulse"
},
{
"binary_version": "14.4.1-3ubuntu1.1+esm1",
"binary_name": "libsox-fmt-pulse-dbgsym"
},
{
"binary_version": "14.4.1-3ubuntu1.1+esm1",
"binary_name": "libsox2"
},
{
"binary_version": "14.4.1-3ubuntu1.1+esm1",
"binary_name": "libsox2-dbgsym"
},
{
"binary_version": "14.4.1-3ubuntu1.1+esm1",
"binary_name": "sox"
},
{
"binary_version": "14.4.1-3ubuntu1.1+esm1",
"binary_name": "sox-dbgsym"
}
]
}
Ubuntu:16.04:LTS / sox
Package
- Name
- sox
- Purl
- pkg:deb/ubuntu/sox@14.4.1-5+deb8u4ubuntu0.1?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed14.4.1-5+deb8u4ubuntu0.1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "14.4.1-5+deb8u4ubuntu0.1",
"binary_name": "libsox-dev"
},
{
"binary_version": "14.4.1-5+deb8u4ubuntu0.1",
"binary_name": "libsox-fmt-all"
},
{
"binary_version": "14.4.1-5+deb8u4ubuntu0.1",
"binary_name": "libsox-fmt-alsa"
},
{
"binary_version": "14.4.1-5+deb8u4ubuntu0.1",
"binary_name": "libsox-fmt-alsa-dbgsym"
},
{
"binary_version": "14.4.1-5+deb8u4ubuntu0.1",
"binary_name": "libsox-fmt-ao"
},
{
"binary_version": "14.4.1-5+deb8u4ubuntu0.1",
"binary_name": "libsox-fmt-ao-dbgsym"
},
{
"binary_version": "14.4.1-5+deb8u4ubuntu0.1",
"binary_name": "libsox-fmt-base"
},
{
"binary_version": "14.4.1-5+deb8u4ubuntu0.1",
"binary_name": "libsox-fmt-base-dbgsym"
},
{
"binary_version": "14.4.1-5+deb8u4ubuntu0.1",
"binary_name": "libsox-fmt-mp3"
},
{
"binary_version": "14.4.1-5+deb8u4ubuntu0.1",
"binary_name": "libsox-fmt-mp3-dbgsym"
},
{
"binary_version": "14.4.1-5+deb8u4ubuntu0.1",
"binary_name": "libsox-fmt-oss"
},
{
"binary_version": "14.4.1-5+deb8u4ubuntu0.1",
"binary_name": "libsox-fmt-oss-dbgsym"
},
{
"binary_version": "14.4.1-5+deb8u4ubuntu0.1",
"binary_name": "libsox-fmt-pulse"
},
{
"binary_version": "14.4.1-5+deb8u4ubuntu0.1",
"binary_name": "libsox-fmt-pulse-dbgsym"
},
{
"binary_version": "14.4.1-5+deb8u4ubuntu0.1",
"binary_name": "libsox2"
},
{
"binary_version": "14.4.1-5+deb8u4ubuntu0.1",
"binary_name": "libsox2-dbgsym"
},
{
"binary_version": "14.4.1-5+deb8u4ubuntu0.1",
"binary_name": "sox"
},
{
"binary_version": "14.4.1-5+deb8u4ubuntu0.1",
"binary_name": "sox-dbgsym"
}
]
}
Ubuntu:18.04:LTS / sox
Package
- Name
- sox
- Purl
- pkg:deb/ubuntu/sox@14.4.2-3ubuntu0.18.04.1?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed14.4.2-3ubuntu0.18.04.1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "14.4.2-3ubuntu0.18.04.1",
"binary_name": "libsox-dev"
},
{
"binary_version": "14.4.2-3ubuntu0.18.04.1",
"binary_name": "libsox-fmt-all"
},
{
"binary_version": "14.4.2-3ubuntu0.18.04.1",
"binary_name": "libsox-fmt-alsa"
},
{
"binary_version": "14.4.2-3ubuntu0.18.04.1",
"binary_name": "libsox-fmt-alsa-dbgsym"
},
{
"binary_version": "14.4.2-3ubuntu0.18.04.1",
"binary_name": "libsox-fmt-ao"
},
{
"binary_version": "14.4.2-3ubuntu0.18.04.1",
"binary_name": "libsox-fmt-ao-dbgsym"
},
{
"binary_version": "14.4.2-3ubuntu0.18.04.1",
"binary_name": "libsox-fmt-base"
},
{
"binary_version": "14.4.2-3ubuntu0.18.04.1",
"binary_name": "libsox-fmt-base-dbgsym"
},
{
"binary_version": "14.4.2-3ubuntu0.18.04.1",
"binary_name": "libsox-fmt-mp3"
},
{
"binary_version": "14.4.2-3ubuntu0.18.04.1",
"binary_name": "libsox-fmt-mp3-dbgsym"
},
{
"binary_version": "14.4.2-3ubuntu0.18.04.1",
"binary_name": "libsox-fmt-oss"
},
{
"binary_version": "14.4.2-3ubuntu0.18.04.1",
"binary_name": "libsox-fmt-oss-dbgsym"
},
{
"binary_version": "14.4.2-3ubuntu0.18.04.1",
"binary_name": "libsox-fmt-pulse"
},
{
"binary_version": "14.4.2-3ubuntu0.18.04.1",
"binary_name": "libsox-fmt-pulse-dbgsym"
},
{
"binary_version": "14.4.2-3ubuntu0.18.04.1",
"binary_name": "libsox3"
},
{
"binary_version": "14.4.2-3ubuntu0.18.04.1",
"binary_name": "libsox3-dbgsym"
},
{
"binary_version": "14.4.2-3ubuntu0.18.04.1",
"binary_name": "sox"
},
{
"binary_version": "14.4.2-3ubuntu0.18.04.1",
"binary_name": "sox-dbgsym"
}
]
}