{"containers": {"cna": {"affected": [{"product": "SoX - Sound eXchange", "vendor": "Sourceforge", "versions": [{"status": "affected", "version": "\u2264 14.4.2"}]}], "descriptions": [{"lang": "en", "value": "SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189."}], "problemTypes": [{"descriptions": [{"description": "Out-of-bounds Read", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-15T13:44:55", "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "shortName": "dwf"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://sourceforge.net/p/sox/bugs/299/"}, {"tags": ["x_refsource_MISC"], "url": "https://sourceforge.net/p/sox/code/ci/master/tree/src/xa.c#l219"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010004", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SoX - Sound eXchange", "version": {"version_data": [{"version_value": "\u2264 14.4.2"}]}}]}, "vendor_name": "Sourceforge"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Out-of-bounds Read"}]}]}, "references": {"reference_data": [{"name": "https://sourceforge.net/p/sox/bugs/299/", "refsource": "MISC", "url": "https://sourceforge.net/p/sox/bugs/299/"}, {"name": "https://sourceforge.net/p/sox/code/ci/master/tree/src/xa.c#l219", "refsource": "MISC", "url": "https://sourceforge.net/p/sox/code/ci/master/tree/src/xa.c#l219"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:07:18.416Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sourceforge.net/p/sox/bugs/299/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sourceforge.net/p/sox/code/ci/master/tree/src/xa.c#l219"}]}]}, "cveMetadata": {"assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "assignerShortName": "dwf", "cveId": "CVE-2019-1010004", "datePublished": "2019-07-15T01:44:34", "dateReserved": "2019-03-20T00:00:00", "dateUpdated": "2024-08-05T03:07:18.416Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sound_exchange_project:sound_exchange:*:*:*:*:*:*:*:*", "matchCriteriaId": "4FB3FA1C-FBCE-4D0A-90AB-68D2F7EF2686", "versionEndIncluding": "14.4.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189."}, {"lang": "es", "value": "SoX - Sound eXchange versi\u00f3n 14.4.2 y anteriores, est\u00e1n afectados por: Lectura Fuera de L\u00edmites. El impacto es: Denegaci\u00f3n de Servicio. El componente es: la funci\u00f3n read_samples en el archivo xa.c: 219. El vector de ataque es: Una v\u00edctima necesita abrir un archivo .xa especialmente dise\u00f1ado."}], "id": "CVE-2019-1010004", "lastModified": "2019-08-02T18:31:41.850", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-15T02:15:10.213", "references": [{"source": "josh@bress.net", "tags": ["Exploit", "Third Party Advisory"], "url": "https://sourceforge.net/p/sox/bugs/299/"}, {"source": "josh@bress.net", "tags": ["Third Party Advisory"], "url": "https://sourceforge.net/p/sox/code/ci/master/tree/src/xa.c#l219"}], "sourceIdentifier": "josh@bress.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "sox: OOB read in function read_samples in xa.c:219 causing denial of service", "id": "1730577", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730577"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-125->CWE-400", "details": ["SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189.", "An out-of-bounds read vulnerability was found in sox, due to insufficient validation of input data. An attacker could abuse this flaw by crafting a sound file that can cause the system to crash when read by sox or by an application using the sox library."], "name": "CVE-2019-1010004", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "sox", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "sox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "sox", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2019-07-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-1010004\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-1010004"], "statement": "This issue is only a security vulnerability for applications linking against libsox, that may be caused to crash prematurely or even, under special circumstances, disclose sensitive memory contents. Attacks against the sox binaries do not constitute a security threat since these are all short-run programs that do not hold sensitive data in memory.", "threat_severity": "Low"}