A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service.
The code performs a comparison such as an equality test between two float (floating point) values, but it uses comparison operators that do not account for the possibility of loss of precision.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Sound_exchange | Sound_exchange_project | 14.4.3 (including) | 14.4.3 (including) |
| Sox | Ubuntu | bionic | * |
| Sox | Ubuntu | esm-apps/focal | * |
| Sox | Ubuntu | esm-apps/jammy | * |
| Sox | Ubuntu | esm-apps/xenial | * |
| Sox | Ubuntu | esm-infra-legacy/trusty | * |
| Sox | Ubuntu | focal | * |
| Sox | Ubuntu | jammy | * |
| Sox | Ubuntu | kinetic | * |
| Sox | Ubuntu | trusty | * |
| Sox | Ubuntu | trusty/esm | * |
| Sox | Ubuntu | xenial | * |
Numeric calculations using floating point values can generate imprecise results because of rounding errors. Two different calculations might therefore produce numbers that are mathematically equal but have slightly different bit representations, so the stored values do not compare as equal. An equality test or other comparison on such values might produce unexpected results.
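The rounding effect described above, as an added example in C. It illustrates the general weakness and is not code from SoX or from aiff.c; the function names, the constructed input and the tolerance values are assumptions chosen for the demonstration.

```c
#include <math.h>
#include <stdbool.h>
#include <stdio.h>

/* Naive comparison: the pattern the weakness description warns about. */
static bool naive_equal(double a, double b) {
    return a == b;
}

static double abs_d(double x) {
    return x < 0.0 ? -x : x;
}

/* Tolerant comparison: absolute tolerance near zero, relative elsewhere.
 * abs_tol and rel_tol are caller-chosen assumptions, not universal values. */
static bool nearly_equal(double a, double b, double abs_tol, double rel_tol) {
    if (isnan(a) || isnan(b))
        return false;                 /* NaN never compares equal */
    if (isinf(a) || isinf(b))
        return a == b;                /* infinities match only exactly */
    double diff = abs_d(a - b);
    if (diff <= abs_tol)
        return true;                  /* covers values close to zero */
    double largest = abs_d(a) > abs_d(b) ? abs_d(a) : abs_d(b);
    return diff <= largest * rel_tol; /* scales with magnitude */
}

/* Constructed sample: add 0.1 ten times; mathematically this is 1.0.
 * volatile forces each partial sum to be rounded to a stored double. */
static double sum_tenths(void) {
    volatile double s = 0.0;
    for (int i = 0; i < 10; i++)
        s += 0.1;
    return s;
}

int main(void) {
    double s = sum_tenths();
    printf("sum      = %.17g\n", s);
    printf("naive    = %d\n", naive_equal(s, 1.0));
    printf("tolerant = %d\n", nearly_equal(s, 1.0, 1e-12, 1e-9));
    return 0;
}
```

Tolerances have to be chosen for the value range of the application; a value that is later used as a divisor should be checked against the range the code can safely handle rather than only against exact zero.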