Fix CVE-2019-13590

Brought to you by: cbagwell, mansr, robs, rrt, uklauer

#118 Fix CVE-2019-13590

Milestone: None

Status: closed-rejected

Owner: nobody

Labels: None

Priority: 5

Updated: 2020-02-04

Created: 2020-02-04

Creator: Judy Hsiao

Private: No

bug reference: https://sourceforge.net/p/sox/bugs/325/
This issue is also reported as CVE-2019-13590

Patch Detail:
Fix sox-14.4.2 NULL pointer dereference on lsx_readbuf in formats_i.c by
doing a prior check that it is a valid pointer before passing into lsx_calloc.

Test: run soxi sox-fmt_56_integer_overflow.mp3.
The soxi command should return a error: "premature EOF" rather than giving
a core dump.

1 Attachments

0001-Fix-CVE-2019-13590.patch

Discussion

Mans Rullgard - 2020-02-04

status: open --> closed-rejected

Group: -->
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Mans Rullgard - 2020-02-04

This doesn't fix the bug.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Fix CVE-2019-13590

Group

Searches

Help

#118 Fix CVE-2019-13590

Discussion