Rapid7 Vulnerability & Exploit Database

CESA-2004:409: sox security update

Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 08/06/2004
Created: 07/25/2018
Added: 03/12/2010
Modified: 07/04/2017

Description

Updated sox packages that fix buffer overflows in the WAV file handling code are now available.

SoX (Sound eXchange) is a sound file format converter. SoX can convert between many different digitized sound formats and perform simple sound manipulation functions, including sound effects.

Buffer overflows existed in the parsing of WAV file header fields. It was possible that a malicious WAV file could have caused arbitrary code to be executed when the file was played or converted. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0557 to these issues.

All users of sox should upgrade to these updated packages, which resolve these issues as well as fix a number of minor bugs.

Solution(s)

  • centos-upgrade-sox
  • centos-upgrade-sox-devel
