Vulnerabilities > CVE-2019-13590 - NULL Pointer Dereference vulnerability in Sound Exchange Project Sound Exchange 14.4.2

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
sound-exchange-project
CWE-476

Summary

An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c.

Vulnerable Configurations

Part Description Count
Application
Sound_Exchange_Project
1

Common Weakness Enumeration (CWE)