Joined: 13 Jun 2003
Location: Barcelona, Spain
|Posted: Fri Jul 30, 2004 3:04 pm Post subject: [ GLSA 200407-23 ] SoX: Multiple buffer overflows
|Gentoo Linux Security Advisory
Title: SoX: Multiple buffer overflows (GLSA 200407-23)
Date: July 30, 2004
Updated: May 22, 2006
SoX contains two buffer overflow vulnerabilities in the WAV header parser code.
SoX is a command line utility that can convert various formats of computer audio files in to other formats.
Vulnerable: <= 12.17.4-r1
Unaffected: >= 12.17.4-r2
Architectures: All supported architectures
Ulf Harnhammar discovered two buffer overflows in the sox and play commands when handling WAV files with specially crafted header fields.
By enticing a user to play or convert a specially crafted WAV file an attacker could execute arbitrary code with the permissions of the user running SoX.
There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of SoX.
All SoX users should upgrade to the latest version:
|# emerge sync
# emerge -pv ">=media-sound/sox-12.17.4-r2"
# emerge ">=media-sound/sox-12.17.4-r2"
Full Disclosure Announcement
Last edited by GLSA on Fri Oct 13, 2006 4:16 am; edited 6 times in total