CVE-2004-0557
SoX - '.wav' Local Buffer Overflow
- Severity Score: 10.0 (CVSS v2)
- Public Exploits: 3 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.
Multiple buffer overflows in Sound eXchange (SoX) before 12.17 allow remote attackers to execute arbitrary code via certain WAV file header fields.
*Credits:
N/A
Timeline
- 2004-06-14 CVE Reserved
- 2004-08-01 First Exploit
- 2004-08-02 CVE Published
- 2023-07-10 EPSS Updated
- 2024-08-08 CVE Updated
References (18)
URL | Tag | Source |
---|---|---|
http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0014.html | Mailing List | |
http://seclists.org/fulldisclosure/2004/Jul/1227.html | Mailing List | |
http://secunia.com/advisories/12175 | Third Party Advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/16827 | Vdb Entry | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9801 | Signature |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/374 | 2004-08-04 | |
https://www.exploit-db.com/exploits/369 | 2004-08-01 | |
http://www.securityfocus.com/bid/10819 | 2024-08-08 |
URL | Date | SRC |
---|---|---|
http://www.redhat.com/support/errata/RHSA-2004-409.html | 2017-10-11 |
URL | Date | SRC |
---|---|---|
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000855 | 2017-10-11 | |
http://lwn.net/Articles/95529 | 2017-10-11 | |
http://lwn.net/Articles/95530 | 2017-10-11 | |
http://www.debian.org/security/2004/dsa-565 | 2017-10-11 | |
http://www.gentoo.org/security/en/glsa/glsa-200407-23.xml | 2017-10-11 | |
http://www.mandriva.com/security/advisories?name=MDKSA-2004:076 | 2017-10-11 | |
https://bugzilla.fedora.us/show_bug.cgi?id=1945 | 2017-10-11 | |
https://access.redhat.com/security/cve/CVE-2004-0557 | 2004-07-29 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1617229 | 2004-07-29 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Sox | Sox | 12.17.2 | - | Affected |
Sox | Sox | 12.17.3 | - | Affected |
Sox | Sox | 12.17.4 | - | Affected |
Conectiva | Linux | 8.0 | - | Affected |
Conectiva | Linux | 9.0 | - | Affected |
Conectiva | Linux | 10.0 | - | Affected |
Gentoo | Linux | 1.4 | - | Affected |
Redhat | Enterprise Linux | 3.0 | advanced_servers | Affected |
Redhat | Enterprise Linux | 3.0 | enterprise_server | Affected |
Redhat | Enterprise Linux | 3.0 | workstation | Affected |
Redhat | Enterprise Linux Desktop | 3.0 | - | Affected |
Redhat | Fedora Core | core_1.0 | - | Affected |
Redhat | Fedora Core | core_2.0 | - | Affected |