CVE-2004-0557 Affecting sox package, versions <12.17.4-9


Severity

critical

Snyk's Security Team recommends NVD's CVSS assessment

Threat Intelligence

  • Exploit Maturity: Mature
  • EPSS: 26.84% (97th percentile)

  • Snyk ID SNYK-DEBIAN9-SOX-292372
  • published 6 Aug 2004
  • disclosed 6 Aug 2004

How to fix?

Upgrade Debian:9 sox to version 12.17.4-9 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream sox package and not the sox package as distributed by Debian. See "How to fix?" for Debian:9 relevant fixed versions and status.

Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.

CVSS Scores

version 3.1

NVD

9.8 critical
  • Attack Vector (AV): Network
  • Attack Complexity (AC): Low
  • Privileges Required (PR): None
  • User Interaction (UI): None
  • Scope (S): Unchanged
  • Confidentiality (C): High
  • Integrity (I): High
  • Availability (A): High