CVE-2019-8356
PUBLISHED
An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow.
Risk Scores
EPSS Score: 1.16% (79.0th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | sox | 14.4.1-5build1, 14.4.2-2, 14.4.2-3 |
| Ubuntu:Pro:14.04:LTS | sox | 0, 14.4.1-3, 14.4.1-3ubuntu1 |
| Ubuntu:16.04:LTS | sox | 14.4.1-5, 14.4.1-5ubuntu0.1, 0 |
Exploit Intelligence
- https://sourceforge.net/p/sox/bugs/321 (nist-nvd)
- [debian-lts-announce] 20190528 [SECURITY] [DLA 1808-1] sox security update (circl)
- USN-4079-1 (circl)
- USN-4079-2 (circl)
Timeline
- Feb 15, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-8356 third-party-advisory
- https://sourceforge.net/p/sox/bugs/321 third-party-advisory
- https://ubuntu.com/security/notices/USN-4079-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4079-2 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-8356 third-party-advisory