Bug 67482 - media-sound/sox: remote buffer overflow
Summary: media-sound/sox: remote buffer overflow
Status: RESOLVED DUPLICATE of bug 58733
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High normal
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-10-13 16:04 UTC by Luke Macken (RETIRED)
Modified: 2011-10-30 22:38 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Description Luke Macken (RETIRED) gentoo-dev 2004-10-13 16:04:35 UTC
SoX ".WAV" ICRD and ISFT Buffer Overflow
------------------------------------------------------------------------


SUMMARY

SoX is a "universal sound sample translator". Two buffer overflows have 
been found in SoX, allowing a remote attacker that can fool a user into 
listening to a maliciously created WAV with the SoX product to execute 
arbitrary code under the user privileges.

DETAILS

Vulnerable Systems:
 * SoX version 12.17.4 and prior

The two vulnerabilities can be found inside the wav.c file and are caused 
by inadequate testing done on the length received from the WAV header 
file. Both vulnerabilities are located inside the st_wavstartread() function.
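
The length check the advisory says is missing, shown as an added example that is not SoX's code and not part of the original report: a bounds-checked reader for one INFO sub-chunk such as ICRD or ISFT. The function name, the 256-byte destination size and the sample bytes are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define INFO_TEXT_MAX 256 /* assumed destination size, not taken from SoX */

/* RIFF stores chunk lengths as 32-bit little-endian values. */
static uint32_t rd_le32(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Copy the text of one INFO sub-chunk (tag + length + payload) into out.
 * buf/avail describe the bytes left in the enclosing chunk.
 * Returns bytes consumed, or -1 when the declared length is not backed
 * by the data or does not fit in out together with a terminating NUL. */
long read_info_text(const unsigned char *buf, size_t avail,
                    char *out, size_t out_size) {
    if (avail < 8 || out_size == 0) return -1;
    uint32_t len = rd_le32(buf + 4);
    /* The length is attacker-controlled file data: check it before use. */
    if (len > avail - 8) return -1;   /* claims more than the file holds */
    if (len >= out_size) return -1;   /* would overrun the destination */
    memcpy(out, buf + 8, len);
    out[len] = '\0';
    size_t used = 8 + (size_t)len + (len & 1); /* chunks pad to even size */
    return (long)(used > avail ? avail : used);
}

/* Constructed samples: a well-formed ISFT chunk, and an ICRD chunk whose
 * header declares 0x1000 bytes although only 4 follow. */
static const unsigned char good_isft[] =
    {'I','S','F','T', 4,0,0,0, 's','o','x',0};
static const unsigned char bad_icrd[] =
    {'I','C','R','D', 0x00,0x10,0,0, '2','0','0','4'};

int main(void) {
    char text[INFO_TEXT_MAX];
    long n = read_info_text(good_isft, sizeof good_isft, text, sizeof text);
    printf("ISFT: consumed=%ld text=\"%s\"\n", n, n < 0 ? "" : text);
    n = read_info_text(bad_icrd, sizeof bad_icrd, text, sizeof text);
    printf("ICRD: consumed=%ld (rejected)\n", n);
    return 0;
}
```
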
Comment 1 Luke Macken (RETIRED) gentoo-dev 2004-10-13 16:09:50 UTC

*** This bug has been marked as a duplicate of 58733 ***