Skip to main content

Sound Exchange CVE-2019-1010004

MEDIUM
Out-of-bounds Read (CWE-125)
2019-07-15 josh@bress.net
5.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 15, 2019 - 02:15 nvd
MEDIUM 5.5

DescriptionNVD

SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189.

AnalysisAI

SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189. Affected products include: Sound Exchange Project Sound Exchange.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2014-8145 HIGH POC
7.5 Dec 31

Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecifi

CVE-2023-34432 HIGH POC
7.8 Jul 10

A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. Rated h

CVE-2017-11358 MEDIUM POC
5.5 Jul 31

The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service

CVE-2017-11359 MEDIUM POC
5.5 Jul 31

The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (d

CVE-2017-11332 MEDIUM POC
5.5 Jul 31

The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (div

CVE-2017-15372 MEDIUM POC
5.5 Oct 16

There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14

CVE-2017-15370 MEDIUM POC
5.5 Oct 16

There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. Rated mediu

CVE-2017-15371 MEDIUM POC
5.5 Oct 16

There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. R

CVE-2022-31651 MEDIUM POC
5.5 May 25

In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. Rated medium severity (CVSS 5.5), this

CVE-2022-31650 MEDIUM POC
5.5 May 25

In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. Rated medium severity (C

CVE-2019-13590 MEDIUM POC
5.5 Jul 14

An issue was discovered in libsox.a in SoX 14.4.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentica

CVE-2019-8356 MEDIUM POC
5.5 Feb 15

An issue was discovered in SoX 14.4.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication require

Share

CVE-2019-1010004 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy