CVE-2004-0557

Name of the Vulnerable Software and Affected Versions SoX versions 12.17.2 through 12.17.4

Description The issue involves multiple buffer overflows in the st wavstartread function in wav.c for Sound eXchange (SoX), which can be exploited remotely. This can lead to the execution of arbitrary code via certain WAV file header fields, potentially disrupting the confidentiality, integrity, and availability of protected information.

Recommendations For SoX versions 12.17.2 through 12.17.4, consider updating to a version outside of this range to mitigate the risk of exploitation. As a temporary workaround, consider restricting the use of the st wavstartread function in wav.c until a patch is available. Avoid using SoX to process untrusted WAV files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.