CVE-2019-13590 - NULL Pointer Dereference vulnerability in Sound Exchange Project Sound Exchange 14.4.2
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
Summary
An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c.
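The wraparound-then-NULL pattern described in the summary, next to a hardened reader, as an added example that is not SoX source code. The 32-bit length field, `demo_calloc` (a stand-in assumed to return NULL for a zero-byte request), `unchecked_alloc_size` and `read_text_field` are hypothetical names chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical allocation wrapper (not SoX's lsx_calloc): assumed to hand back
 * NULL for a zero-byte request, which the C standard permits. */
static void *demo_calloc(size_t n, size_t size)
{
    return (n == 0 || size == 0) ? NULL : calloc(n, size);
}

/* Unchecked pattern: a 32-bit length from the file header plus one byte for
 * the terminator. For len == UINT32_MAX the sum wraps to 0. */
uint32_t unchecked_alloc_size(uint32_t len)
{
    return len + 1u;
}

/* Hardened reader for a length-prefixed text field. Returns 0 on success,
 * -1 for a length that would wrap or exceeds the bytes available,
 * -2 when the allocator returns NULL. *out is written only on success. */
int read_text_field(const uint8_t *src, size_t avail, uint32_t len, char **out)
{
    char *buf;

    if (len == UINT32_MAX || (size_t)len > avail)
        return -1;                      /* reject before any arithmetic */
    buf = demo_calloc((size_t)len + 1, 1);
    if (buf == NULL)
        return -2;                      /* never pass NULL to the read step */
    memcpy(buf, src, len);
    *out = buf;
    return 0;
}

int main(void)
{
    const uint8_t data[] = "RIFF";      /* constructed sample input */
    char *text = NULL;

    printf("wrapped size: %u\n", (unsigned)unchecked_alloc_size(UINT32_MAX));
    printf("hostile length: %d\n", read_text_field(data, 4, UINT32_MAX, &text));
    if (read_text_field(data, 4, 4, &text) == 0) {
        printf("valid field: %s\n", text);
        free(text);
    }
    return 0;
}
```

Bounding the declared length by the bytes actually available also keeps a hostile header from requesting a multi-gigabyte allocation.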
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |