CVE-2004-0557

SoX 12.17.2-12.17.4 - Remote Code Execution via WAV File Header Fields

Exploitation Summary

EIP tracks 2 public exploits for CVE-2004-0557. PoCs published by Rave, Serkan Akpolat.

AI-analyzed exploit summary: This exploit targets a stack overflow vulnerability in SoX (Sound eXchange) versions prior to 12.17.1. It crafts a malicious WAV file that, when processed, executes arbitrary shellcode to bind a shell on port 5074.

Description

Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Rave · c · local · linux
https://www.exploit-db.com/exploits/374

This exploit targets a stack overflow vulnerability in SoX (Sound eXchange) versions prior to 12.17.1. It crafts a malicious WAV file that, when processed, executes arbitrary shellcode to bind a shell on port 5074.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SoX (Sound eXchange) < 12.17.1
No auth needed
Prerequisites: Target must process the malicious WAV file · SoX must be installed and vulnerable
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Serkan Akpolat · perl · local · linux
https://www.exploit-db.com/exploits/369

This exploit leverages a stack overflow vulnerability in SoX (Sound eXchange) by crafting a malicious WAV file. The payload includes a shellcode that spawns a shell when the file is processed by the vulnerable software.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SoX (Sound eXchange) versions affected by CVE-2004-0557
No auth needed
Prerequisites: Vulnerable version of SoX installed · Ability to deliver the malicious WAV file to the target
devstral-2 · analyzed Feb 16, 2026

References (14)

Core References
Issue Tracking vendor-advisory x_refsource_fedora
https://bugzilla.fedora.us/show_bug.cgi?id=1945
Patch, Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-409.html
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10819
Vendor Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200407-23.xml
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9801
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/12175
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16827
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2004/dsa-565
Various Sources vendor-advisory x_refsource_fedora
http://lwn.net/Articles/95530/
Various Sources vendor-advisory x_refsource_fedora
http://lwn.net/Articles/95529/
Third Party Advisory mailing-list x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0014.html
Vendor Advisory vendor-advisory x_refsource_mandrake
http://www.mandriva.com/security/advisories?name=MDKSA-2004:076
Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000855
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2004/Jul/1227.html

Scores

EPSS 0.2508
EPSS Percentile 97.7%

Details

Status published
Products (11)
conectiva/linux 8.0
conectiva/linux 9.0
conectiva/linux 10.0
gentoo/linux 1.4
redhat/enterprise_linux 3.0 (3 CPE variants)
redhat/enterprise_linux_desktop 3.0
redhat/fedora_core core_1.0
redhat/fedora_core core_2.0
sox/sox 12.17.2
sox/sox 12.17.3
... and 1 more
Published Aug 06, 2004
Tracked Since Feb 18, 2026