blob: dd782192a59e90b352e3b0503fa2dc43051f7c95 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200407-23">
<title>SoX: Multiple buffer overflows</title>
SoX contains two buffer overflow vulnerabilities in the WAV header parser
<product type="ebuild">SoX</product>
<announced>July 30, 2004</announced>
<revised>May 22, 2006: 02</revised>
<package name="media-sound/sox" auto="yes" arch="*">
<unaffected range="ge">12.17.4-r2</unaffected>
<vulnerable range="le">12.17.4-r1</vulnerable>
SoX is a command line utility that can convert various formats of
computer audio files in to other formats.
Ulf Harnhammar discovered two buffer overflows in the sox and play
commands when handling WAV files with specially crafted header fields.
<impact type="normal">
By enticing a user to play or convert a specially crafted WAV file an
attacker could execute arbitrary code with the permissions of the user
running SoX.
There is no known workaround at this time. All users are encouraged to
upgrade to the latest available version of SoX.
All SoX users should upgrade to the latest version:
# emerge sync
# emerge -pv &quot;&gt;=media-sound/sox-12.17.4-r2&quot;
# emerge &quot;&gt;=media-sound/sox-12.17.4-r2&quot;</code>
<uri link="">Full Disclosure Announcement</uri>
<uri link="">CVE-2004-0557</uri>
<metadata tag="submitter">