UBUNTU-CVE-2019-8354

Source
https://ubuntu.com/security/CVE-2019-8354
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-8354.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-8354
Related
Published
2019-02-15T00:00:00Z
Modified
2025-01-13T10:21:54Z
Severity
  • 5.0 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
  • 5.0 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Summary
[none]
Details

An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow.

References

Affected packages

Ubuntu:Pro:14.04:LTS / sox

Package

Name
sox
Purl
pkg:deb/ubuntu/sox@14.4.1-3ubuntu1.1+esm1?arch=source&distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
14.4.1-3ubuntu1.1+esm1

Affected versions

14.*

14.4.1-3
14.4.1-3ubuntu1
14.4.1-3ubuntu1.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "14.4.1-3ubuntu1.1+esm1",
            "binary_name": "libsox-dev"
        },
        {
            "binary_version": "14.4.1-3ubuntu1.1+esm1",
            "binary_name": "libsox-fmt-all"
        },
        {
            "binary_version": "14.4.1-3ubuntu1.1+esm1",
            "binary_name": "libsox-fmt-alsa"
        },
        {
            "binary_version": "14.4.1-3ubuntu1.1+esm1",
            "binary_name": "libsox-fmt-alsa-dbgsym"
        },
        {
            "binary_version": "14.4.1-3ubuntu1.1+esm1",
            "binary_name": "libsox-fmt-ao"
        },
        {
            "binary_version": "14.4.1-3ubuntu1.1+esm1",
            "binary_name": "libsox-fmt-ao-dbgsym"
        },
        {
            "binary_version": "14.4.1-3ubuntu1.1+esm1",
            "binary_name": "libsox-fmt-base"
        },
        {
            "binary_version": "14.4.1-3ubuntu1.1+esm1",
            "binary_name": "libsox-fmt-base-dbgsym"
        },
        {
            "binary_version": "14.4.1-3ubuntu1.1+esm1",
            "binary_name": "libsox-fmt-mp3"
        },
        {
            "binary_version": "14.4.1-3ubuntu1.1+esm1",
            "binary_name": "libsox-fmt-mp3-dbgsym"
        },
        {
            "binary_version": "14.4.1-3ubuntu1.1+esm1",
            "binary_name": "libsox-fmt-oss"
        },
        {
            "binary_version": "14.4.1-3ubuntu1.1+esm1",
            "binary_name": "libsox-fmt-oss-dbgsym"
        },
        {
            "binary_version": "14.4.1-3ubuntu1.1+esm1",
            "binary_name": "libsox-fmt-pulse"
        },
        {
            "binary_version": "14.4.1-3ubuntu1.1+esm1",
            "binary_name": "libsox-fmt-pulse-dbgsym"
        },
        {
            "binary_version": "14.4.1-3ubuntu1.1+esm1",
            "binary_name": "libsox2"
        },
        {
            "binary_version": "14.4.1-3ubuntu1.1+esm1",
            "binary_name": "libsox2-dbgsym"
        },
        {
            "binary_version": "14.4.1-3ubuntu1.1+esm1",
            "binary_name": "sox"
        },
        {
            "binary_version": "14.4.1-3ubuntu1.1+esm1",
            "binary_name": "sox-dbgsym"
        }
    ]
}

Ubuntu:16.04:LTS / sox

Package

Name
sox
Purl
pkg:deb/ubuntu/sox@14.4.1-5+deb8u4ubuntu0.1?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
14.4.1-5+deb8u4ubuntu0.1

Affected versions

14.*

14.4.1-5
14.4.1-5ubuntu0.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "14.4.1-5+deb8u4ubuntu0.1",
            "binary_name": "libsox-dev"
        },
        {
            "binary_version": "14.4.1-5+deb8u4ubuntu0.1",
            "binary_name": "libsox-fmt-all"
        },
        {
            "binary_version": "14.4.1-5+deb8u4ubuntu0.1",
            "binary_name": "libsox-fmt-alsa"
        },
        {
            "binary_version": "14.4.1-5+deb8u4ubuntu0.1",
            "binary_name": "libsox-fmt-alsa-dbgsym"
        },
        {
            "binary_version": "14.4.1-5+deb8u4ubuntu0.1",
            "binary_name": "libsox-fmt-ao"
        },
        {
            "binary_version": "14.4.1-5+deb8u4ubuntu0.1",
            "binary_name": "libsox-fmt-ao-dbgsym"
        },
        {
            "binary_version": "14.4.1-5+deb8u4ubuntu0.1",
            "binary_name": "libsox-fmt-base"
        },
        {
            "binary_version": "14.4.1-5+deb8u4ubuntu0.1",
            "binary_name": "libsox-fmt-base-dbgsym"
        },
        {
            "binary_version": "14.4.1-5+deb8u4ubuntu0.1",
            "binary_name": "libsox-fmt-mp3"
        },
        {
            "binary_version": "14.4.1-5+deb8u4ubuntu0.1",
            "binary_name": "libsox-fmt-mp3-dbgsym"
        },
        {
            "binary_version": "14.4.1-5+deb8u4ubuntu0.1",
            "binary_name": "libsox-fmt-oss"
        },
        {
            "binary_version": "14.4.1-5+deb8u4ubuntu0.1",
            "binary_name": "libsox-fmt-oss-dbgsym"
        },
        {
            "binary_version": "14.4.1-5+deb8u4ubuntu0.1",
            "binary_name": "libsox-fmt-pulse"
        },
        {
            "binary_version": "14.4.1-5+deb8u4ubuntu0.1",
            "binary_name": "libsox-fmt-pulse-dbgsym"
        },
        {
            "binary_version": "14.4.1-5+deb8u4ubuntu0.1",
            "binary_name": "libsox2"
        },
        {
            "binary_version": "14.4.1-5+deb8u4ubuntu0.1",
            "binary_name": "libsox2-dbgsym"
        },
        {
            "binary_version": "14.4.1-5+deb8u4ubuntu0.1",
            "binary_name": "sox"
        },
        {
            "binary_version": "14.4.1-5+deb8u4ubuntu0.1",
            "binary_name": "sox-dbgsym"
        }
    ]
}

Ubuntu:18.04:LTS / sox

Package

Name
sox
Purl
pkg:deb/ubuntu/sox@14.4.2-3ubuntu0.18.04.1?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
14.4.2-3ubuntu0.18.04.1

Affected versions

14.*

14.4.1-5build1
14.4.2-2
14.4.2-3

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "14.4.2-3ubuntu0.18.04.1",
            "binary_name": "libsox-dev"
        },
        {
            "binary_version": "14.4.2-3ubuntu0.18.04.1",
            "binary_name": "libsox-fmt-all"
        },
        {
            "binary_version": "14.4.2-3ubuntu0.18.04.1",
            "binary_name": "libsox-fmt-alsa"
        },
        {
            "binary_version": "14.4.2-3ubuntu0.18.04.1",
            "binary_name": "libsox-fmt-alsa-dbgsym"
        },
        {
            "binary_version": "14.4.2-3ubuntu0.18.04.1",
            "binary_name": "libsox-fmt-ao"
        },
        {
            "binary_version": "14.4.2-3ubuntu0.18.04.1",
            "binary_name": "libsox-fmt-ao-dbgsym"
        },
        {
            "binary_version": "14.4.2-3ubuntu0.18.04.1",
            "binary_name": "libsox-fmt-base"
        },
        {
            "binary_version": "14.4.2-3ubuntu0.18.04.1",
            "binary_name": "libsox-fmt-base-dbgsym"
        },
        {
            "binary_version": "14.4.2-3ubuntu0.18.04.1",
            "binary_name": "libsox-fmt-mp3"
        },
        {
            "binary_version": "14.4.2-3ubuntu0.18.04.1",
            "binary_name": "libsox-fmt-mp3-dbgsym"
        },
        {
            "binary_version": "14.4.2-3ubuntu0.18.04.1",
            "binary_name": "libsox-fmt-oss"
        },
        {
            "binary_version": "14.4.2-3ubuntu0.18.04.1",
            "binary_name": "libsox-fmt-oss-dbgsym"
        },
        {
            "binary_version": "14.4.2-3ubuntu0.18.04.1",
            "binary_name": "libsox-fmt-pulse"
        },
        {
            "binary_version": "14.4.2-3ubuntu0.18.04.1",
            "binary_name": "libsox-fmt-pulse-dbgsym"
        },
        {
            "binary_version": "14.4.2-3ubuntu0.18.04.1",
            "binary_name": "libsox3"
        },
        {
            "binary_version": "14.4.2-3ubuntu0.18.04.1",
            "binary_name": "libsox3-dbgsym"
        },
        {
            "binary_version": "14.4.2-3ubuntu0.18.04.1",
            "binary_name": "sox"
        },
        {
            "binary_version": "14.4.2-3ubuntu0.18.04.1",
            "binary_name": "sox-dbgsym"
        }
    ]
}