Bug 1141667 (CVE-2019-1010004) - VUL-1: CVE-2019-1010004: sox: 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219.
Summary: VUL-1: CVE-2019-1010004: sox: 14.4.2 and earlier is affected by: Out-of-bound...
Status: RESOLVED INVALID
Alias: CVE-2019-1010004
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security (show other bugs)
Version: Current
Hardware: Other Other
: P4 - Low : Normal (vote)
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/237123/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-07-16 14:14 UTC by Wolfgang Frisch
Modified: 2024-07-04 14:27 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Wolfgang Frisch 2019-07-16 14:14:52 UTC 
CVE-2019-1010004

SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The
impact is: Denial of Service. The component is: read_samples function at
xa.c:219. The attack vector is: Victim must open specially crafted .xa file.
NOTE: this may overlap CVE-2017-18189.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010004
https://sourceforge.net/p/sox/code/ci/master/tree/src/xa.c#l219
https://sourceforge.net/p/sox/bugs/299/
Comment 3 Wolfgang Frisch 2024-07-03 15:22:21 UTC 
This seems to have been forgotten. The original bug assignee is gone, so I simply submitted a fix myself.
https://build.opensuse.org/request/show/1185145
Comment 4 Wolfgang Frisch 2024-07-04 14:27:11 UTC 
Turns out CVE-2019-1010004 is a duplicate of CVE-2017-18189 which was fixed
long ago. Sorry for the noise. (boo#1141667)