GLSA Bodhisattva
Joined: 13 Jun 2003 Posts: 4087 Location: Dresden, Germany
|
Posted: Fri Jul 30, 2004 3:04 pm Post subject: [ GLSA 200407-23 ] SoX: Multiple buffer overflows |
|
|
Gentoo Linux Security Advisory
Title: SoX: Multiple buffer overflows (GLSA 200407-23)
Severity: normal
Exploitable: remote
Date: July 30, 2004
Updated: May 22, 2006
Bug(s): #58733
ID: 200407-23
Synopsis
SoX contains two buffer overflow vulnerabilities in the WAV header parser code.
Background
SoX is a command line utility that can convert various formats of computer audio files in to other formats.
Affected Packages
Package: media-sound/sox
Vulnerable: <= 12.17.4-r1
Unaffected: >= 12.17.4-r2
Architectures: All supported architectures
Description
Ulf Harnhammar discovered two buffer overflows in the sox and play commands when handling WAV files with specially crafted header fields.
Impact
By enticing a user to play or convert a specially crafted WAV file an attacker could execute arbitrary code with the permissions of the user running SoX.
Workaround
There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of SoX.
Resolution
All SoX users should upgrade to the latest version: Code: | # emerge sync
# emerge -pv ">=media-sound/sox-12.17.4-r2"
# emerge ">=media-sound/sox-12.17.4-r2" |
References
Full Disclosure Announcement
CVE-2004-0557
Last edited by GLSA on Fri Oct 13, 2006 4:16 am; edited 6 times in total |
|