FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

SoX buffer overflows when handling .WAV files

Affected packages
12.17.1 < sox <= 12.17.4_1

Details

VuXML ID: 3e4ffe76-e0d4-11d8-9b0a-000347a4fa7d
Discovery: 2004-07-28
Entry: 2004-08-26

Ulf Härnhammar discovered a pair of buffer overflows in the WAV file handling code of SoX. If an attacker can cause her victim to process a specially crafted WAV file with SoX (e.g. through social engineering or through some other program that relies on SoX), arbitrary code can be executed with the privileges of the victim.

References

CVE Name: CVE-2004-0557
Message: 1091040793.4107f6193d81a@webmail.uu.se
URL: http://secunia.com/advisories/12175
URL: http://www.osvdb.org/8267