Source: sox Version: 14.4.2+git20190427-1 Severity: important Tags: security upstream Forwarded: https://sourceforge.net/p/sox/bugs/325/
Hi, The following vulnerability was published for sox. CVE-2019-13590[0]: | An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h | (startread function), there is an integer overflow on the result of | integer addition (wraparound to 0) fed into the lsx_calloc macro that | wraps malloc. When a NULL pointer is returned, it is used without a | prior check that it is a valid pointer, leading to a NULL pointer | dereference on lsx_readbuf in formats_i.c. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-13590 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13590 [1] https://sourceforge.net/p/sox/bugs/325/ Please adjust the affected versions in the BTS as needed. Regards, Salvatore