[3.10] sox: Multiple vulnerabilities (CVE-2019-8354, CVE-2019-8355, CVE-2019-8356, CVE-2019-8357)
CVE-2019-8354: An issue was discovered in SoX 14.4.2. lsx_make_lpf
in effect_i_dsp.c has an integer
overflow on the result of multiplication fed into malloc. When the
buffer is allocated, it is smaller than expected,
leading to a heap-based buffer overflow.
Reference:
https://sourceforge.net/p/sox/bugs/319
Patch:
https://sourceforge.net/p/sox/code/ci/f8587e2d50dad72d40453ac1191c539ee9e50381/
CVE-2019-8355: An issue was discovered in SoX 14.4.2. In xmalloc.h,
there is an integer overflow on the result of
multiplication fed into the lsx_valloc macro that wraps malloc. When
the buffer is allocated, it is smaller than expected,
leading to a heap-based buffer overflow in channels_start in remix.c.
Reference:
https://sourceforge.net/p/sox/bugs/320
Patch:
https://sourceforge.net/p/sox/code/ci/f8587e2d50dad72d40453ac1191c539ee9e50381/
CVE-2019-8356: An issue was discovered in SoX 14.4.2. One of the
arguments to bitrv2 in fft4g.c is not guarded, such that
it can lead to write access outside of the statically declared array,
aka a stack-based buffer overflow.
Reference:
https://sourceforge.net/p/sox/bugs/321
Patch:
https://sourceforge.net/p/sox/code/ci/b7883ae1398499daaa926ae6621f088f0f531ed8/
CVE-2019-8357: An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference.
Reference:
https://sourceforge.net/p/sox/bugs/318
Patch:
https://sourceforge.net/p/sox/code/ci/2ce02fea7b350de9ddfbcf542ba4dd59a8ab255b/
(from redmine: issue id 10523, created on 2019-05-31)
- Relations:
- parent #10522 (closed)