A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service.
The code performs a comparison such as an equality test between two float (floating point) values, but it uses comparison operators that do not account for the possibility of loss of precision.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Sox | Sox_project | 14.4.3 (including) | 14.4.3 (including) |
| Sox | Ubuntu | bionic | * |
| Sox | Ubuntu | esm-apps/bionic | * |
| Sox | Ubuntu | esm-apps/noble | * |
| Sox | Ubuntu | esm-apps/xenial | * |
| Sox | Ubuntu | focal | * |
| Sox | Ubuntu | jammy | * |
| Sox | Ubuntu | kinetic | * |
| Sox | Ubuntu | lunar | * |
| Sox | Ubuntu | mantic | * |
| Sox | Ubuntu | noble | * |
| Sox | Ubuntu | trusty | * |
| Sox | Ubuntu | trusty/esm | * |
| Sox | Ubuntu | upstream | * |
| Sox | Ubuntu | xenial | * |
Numeric calculation using floating point values can generate imprecise results because of rounding errors. As a result, two different calculations might generate numbers that are mathematically equal, but have slightly different bit representations that do not translate to the same mathematically-equal values. As a result, an equality test or other comparison might produce unexpected results. This issue can prevent the product from running reliably. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability.