CVE-2004-0557

SoX <12.17.4 - RCE

Title source: llm

Description

Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Rave · clocallinux

https://www.exploit-db.com/exploits/374

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Serkan Akpolat · perllocallinux

https://www.exploit-db.com/exploits/369

View Code ZIP pw:eip

References (14)

[Issue Tracking] https://bugzilla.fedora.us/show_bug.cgi?id=1945

[Patch, Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2004-409.html

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/10819

[Vendor Advisory] http://www.gentoo.org/security/en/glsa/glsa-200407-23.xml

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9801

[Third Party Advisory] http://secunia.com/advisories/12175

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/16827

[Third Party Advisory] http://www.debian.org/security/2004/dsa-565

[Various Sources] http://lwn.net/Articles/95530/

[Various Sources] http://lwn.net/Articles/95529/

[Third Party Advisory] http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0014.html

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2004:076

[Vendor Advisory] http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000855

[Mailing List] http://seclists.org/fulldisclosure/2004/Jul/1227.html

Scores

EPSS 0.4855

EPSS Percentile 97.8%

Details

Status published

Products (11)

conectiva/linux 8.0

conectiva/linux 9.0

conectiva/linux 10.0

gentoo/linux 1.4

redhat/enterprise_linux 3.0 (3 CPE variants)

redhat/enterprise_linux_desktop 3.0

redhat/fedora_core core_1.0

redhat/fedora_core core_2.0

sox/sox 12.17.2

sox/sox 12.17.3

... and 1 more

Published Aug 06, 2004

Tracked Since Feb 18, 2026