Description
An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c.
References (2)
Core 2
Core References
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2023/02/msg00009.html
Exploit, Third Party Advisory
https://sourceforge.net/p/sox/bugs/325/
Scores
CVSS v3
5.5
EPSS
0.0106
EPSS Percentile
60.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-190
CWE-476
Status
published
Products (1)
sound_exchange_project/sound_exchange
14.4.2
Published
Jul 14, 2019
Tracked Since
Feb 18, 2026