CVE-2004-0557

2004-08-0604:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-0557

buffer overflow

st_wavstartread

sox

remote code execution

wav file

nvd

7.5 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.268 Low

EPSS

Percentile

96.7%

JSON

Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.

CPENameOperatorVersion
conectiva:linuxconectiva linuxeq9.0
sox:soxsoxeq12.17.4
sox:soxsoxeq12.17.2
conectiva:linuxconectiva linuxeq8.0
sox:soxsoxeq12.17.3
conectiva:linuxconectiva linuxeq10.0
redhat:fedora_coreredhat fedora coreeqcore_2.0
redhat:enterprise_linux_desktopredhat enterprise linux desktopeq3.0
redhat:enterprise_linuxredhat enterprise linuxeq3.0
redhat:fedora_coreredhat fedora coreeqcore_1.0

CPE	Name	Operator	Version
conectiva:linux	conectiva linux	eq	9.0
sox:sox	sox	eq	12.17.4
sox:sox	sox	eq	12.17.2
conectiva:linux	conectiva linux	eq	8.0
sox:sox	sox	eq	12.17.3
conectiva:linux	conectiva linux	eq	10.0
redhat:fedora_core	redhat fedora core	eq	core_2.0
redhat:enterprise_linux_desktop	redhat enterprise linux desktop	eq	3.0
redhat:enterprise_linux	redhat enterprise linux	eq	3.0
redhat:fedora_core	redhat fedora core	eq	core_1.0