| ID |
CVE-2004-0557
|
| Summary |
Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:sox:sox:12.17.2:*:*:*:*:*:*:*
cpe:2.3:a:sox:sox:12.17.2:*:*:*:*:*:*:*
-
cpe:2.3:a:sox:sox:12.17.3:*:*:*:*:*:*:*
cpe:2.3:a:sox:sox:12.17.3:*:*:*:*:*:*:*
-
cpe:2.3:a:sox:sox:12.17.4:*:*:*:*:*:*:*
cpe:2.3:a:sox:sox:12.17.4:*:*:*:*:*:*:*
-
cpe:2.3:o:conectiva:linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:conectiva:linux:8.0:*:*:*:*:*:*:*
-
cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*
-
cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*
-
cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*
cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*
-
cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*
-
cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
-
cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*
-
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
-
cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*
-
cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 10.0 (as of 11-10-2017 - 01:29) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| oval
via4
|
| accepted | 2013-04-29T04:22:22.072-04:00 | | class | vulnerability | | contributors | | name | Aharon Chernin | | organization | SCAP.com, LLC |
| name | Dragos Prisaca | | organization | G2, Inc. |
| | definition_extensions | | comment | The operating system installed on the system is Red Hat Enterprise Linux 3 | | oval | oval:org.mitre.oval:def:11782 |
| comment | CentOS Linux 3.x | | oval | oval:org.mitre.oval:def:16651 |
| | description | Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields. | | family | unix | | id | oval:org.mitre.oval:def:9801 | | status | accepted | | submitted | 2010-07-09T03:56:16-04:00 | | title | Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors. | | version | 28 |
|
| redhat
via4
|
| advisories | | | rpms | - sox-0:12.17.4-4.3
- sox-debuginfo-0:12.17.4-4.3
- sox-devel-0:12.17.4-4.3
|
|
| refmap
via4
|
| bid | 10819 | | conectiva | CLA-2004:855 | | debian | DSA-565 | | fedora | - FEDORA-2004-235
- FEDORA-2004-244
- FLSA:1945
| | fulldisc | 20040728 SoX buffer overflows when handling .WAV files | | gentoo | GLSA-200407-23 | | mandrake | MDKSA-2004:076 | | secunia | 12175 | | vulnwatch | 20040728 SoX buffer overflows when handling .WAV files | | xf | sox-wav-bo(16827) |
|
| Last major update |
11-10-2017 - 01:29 |
| Published |
06-08-2004 - 04:00 |
| Last modified |
11-10-2017 - 01:29 |
