CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |

AI Score

Confidence: Low

EPSS

Percentile: 96.8%

Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.
Vendor | Product | Version | CPE |
---|---|---|---|
sox | sox | 12.17.2 | cpe:2.3:a:sox:sox:12.17.2:*:*:*:*:*:*:* |
sox | sox | 12.17.3 | cpe:2.3:a:sox:sox:12.17.3:*:*:*:*:*:*:* |
sox | sox | 12.17.4 | cpe:2.3:a:sox:sox:12.17.4:*:*:*:*:*:*:* |
conectiva | linux | 8.0 | cpe:2.3:o:conectiva:linux:8.0:*:*:*:*:*:*:* |
conectiva | linux | 9.0 | cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:* |
conectiva | linux | 10.0 | cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:* |
gentoo | linux | 1.4 | cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:* |
redhat | enterprise_linux | 3.0 | cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:* |
redhat | enterprise_linux | 3.0 | cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:* |
redhat | enterprise_linux | 3.0 | cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:* |
archives.neohapsis.com/archives/vulnwatch/2004-q3/0014.html
distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000855
lwn.net/Articles/95529/
lwn.net/Articles/95530/
seclists.org/fulldisclosure/2004/Jul/1227.html
secunia.com/advisories/12175
www.debian.org/security/2004/dsa-565
www.gentoo.org/security/en/glsa/glsa-200407-23.xml
www.mandriva.com/security/advisories?name=MDKSA-2004:076
www.redhat.com/support/errata/RHSA-2004-409.html
www.securityfocus.com/bid/10819
bugzilla.fedora.us/show_bug.cgi?id=1945
exchange.xforce.ibmcloud.com/vulnerabilities/16827
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9801