CVE-2004-0557

2004-08-0604:00:00

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

Low

EPSS

0.268

Percentile

96.8%

JSON

Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.

Affected configurations

Nvd

Node

soxsoxMatch12.17.2

soxsoxMatch12.17.3

soxsoxMatch12.17.4

conectivalinuxMatch8.0

conectivalinuxMatch9.0

conectivalinuxMatch10.0

Node

gentoolinuxMatch1.4

redhatenterprise_linuxMatch3.0advanced_servers

redhatenterprise_linuxMatch3.0enterprise_server

redhatenterprise_linuxMatch3.0workstation

redhatenterprise_linux_desktopMatch3.0

redhatfedora_coreMatchcore_1.0

redhatfedora_coreMatchcore_2.0

VendorProductVersionCPE
soxsox12.17.2cpe:2.3:a:sox:sox:12.17.2:*:*:*:*:*:*:*
soxsox12.17.3cpe:2.3:a:sox:sox:12.17.3:*:*:*:*:*:*:*
soxsox12.17.4cpe:2.3:a:sox:sox:12.17.4:*:*:*:*:*:*:*
conectivalinux8.0cpe:2.3:o:conectiva:linux:8.0:*:*:*:*:*:*:*
conectivalinux9.0cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*
conectivalinux10.0cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*
gentoolinux1.4cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*
redhatenterprise_linux3.0cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*
redhatenterprise_linux3.0cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
redhatenterprise_linux3.0cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*

Vendor	Product	Version	CPE
sox	sox	12.17.2	cpe:2.3:a:sox:sox:12.17.2:::::::*
sox	sox	12.17.3	cpe:2.3:a:sox:sox:12.17.3:::::::*
sox	sox	12.17.4	cpe:2.3:a:sox:sox:12.17.4:::::::*
conectiva	linux	8.0	cpe:2.3:o:conectiva:linux:8.0:::::::*
conectiva	linux	9.0	cpe:2.3:o:conectiva:linux:9.0:::::::*
conectiva	linux	10.0	cpe:2.3:o:conectiva:linux:10.0:::::::*
gentoo	linux	1.4	cpe:2.3:o:gentoo:linux:1.4:::::::*
redhat	enterprise_linux	3.0	cpe:2.3:o:redhat:enterprise_linux:3.0::advanced_servers:::::
redhat	enterprise_linux	3.0	cpe:2.3:o:redhat:enterprise_linux:3.0::enterprise_server:::::
redhat	enterprise_linux	3.0	cpe:2.3:o:redhat:enterprise_linux:3.0::workstation:::::