Denial of service in SoX



Published: 2019-02-19 | Updated: 2019-07-18
Risk Low
Patch available NO
Number of vulnerabilities 6
CVE-ID CVE-2019-8357
CVE-2019-8356
CVE-2019-8354
CVE-2019-8355
CVE-2019-1010004
CVE-2019-13590
CWE-ID CWE-476
CWE-121
CWE-190
CWE-125
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #3 is available.
Public exploit code for vulnerability #4 is available.
Public exploit code for vulnerability #5 is available.
Vulnerable software
Subscribe
SoX
Client/Desktop applications / Multimedia software

Vendor sox.sourceforge.net

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

UPDATED: 18.07.2019
Added vulnerabilities #5-6.

1) NULL pointer dereference

EUVDB-ID: #VU17766

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2019-8357

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in n the lsx_make_lpf function, as defined in the effect_i_dsp.c source code file. A remote attacker can trick the victim into executing a file that submits malicious input to the targeted system with the sox command and perform a denial of service (DoS) attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SoX: 14.4.2

External links

http://sourceforge.net/p/sox/bugs/318


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Stack-based buffer overflow

EUVDB-ID: #VU17767

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2019-8356

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper protection on an argument passed to the bitrv2 function, as defined in the fft4g.c source code file of the affected software. A remote attacker can trick the victim into executing a file that submits malicious input to the targeted system with the sox command, trigger a stack-based buffer overflow condition and perform a denial of service (DoS) attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SoX: 14.4.2

External links

http://sourceforge.net/p/sox/bugs/321/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Integer overflow

EUVDB-ID: #VU17768

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2019-8354

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in lsx_make_lpf in effect_i_dsp.c when handling malicious input. A remote attacker can trick the victim into executing a file that submits malicious input to the targeted system with the sox command, trigger a heap-based buffer overflow condition and perform a denial of service (DoS) attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SoX: 14.4.2

External links

http://sourceforge.net/p/sox/bugs/319/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Integer overflow

EUVDB-ID: #VU17769

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2019-8355

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in xmalloc.h when handling malicious input. A remote attacker can trick the victim into executing a file that submits malicious input to the targeted system with the sox command, trigger a heap-based buffer overflow condition channels_start in remix.c and perform a denial of service (DoS) attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SoX: 14.4.2

External links

http://sourceforge.net/p/sox/bugs/320


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) Out-of-bounds read

EUVDB-ID: #VU19244

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2019-1010004

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability exists due to an out-of-bounds read condition in the "read_samples" function in the "xa.c" file. A remote attacker can trick a victim to open a specially crafted .xa file and crash the affected application.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SoX: 12.16.0 - 14.4.2

External links

http://sourceforge.net/p/sox/bugs/299/
http://sourceforge.net/p/sox/code/ci/master/tree/src/xa.c#l219


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

6) NULL pointer dereference

EUVDB-ID: #VU19252

Risk: Low

CVSSv3.1: 6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-13590

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in libsox.a file. A remote attacker can create a specially crafted file, trick the victim into opening it and perform a denial of service (DoS) attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SoX: 14.4.2

External links

http://sourceforge.net/p/sox/bugs/325/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###