SoX ".WAV" ICRD and ISFT Buffer Overflow
------------------------------------------------------------------------

SUMMARY

SoX is a "universal sound sample translator". Two buffer overflows have been found in SoX, allowing a remote attacker who can fool a user into listening to a maliciously created WAV with the SoX product to execute arbitrary code under the user's privileges.

DETAILS

Vulnerable Systems:
 * SoX version 12.17.4 and prior

The two vulnerabilities can be found inside the wav.c file and are caused by inadequate testing done on the length received from the WAV header file. Both vulnerabilities are located inside st_wavstartread().
*** This bug has been marked as a duplicate of 58733 ***
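
A length-checked reader for a RIFF INFO text sub-chunk such as ICRD or ISFT, added here to illustrate the kind of length test the advisory says was missing. It is not SoX code: the function name read_info_text, the 256-byte buffer and the status codes are assumptions, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define INFO_TEXT_MAX 256   /* assumed buffer size, not taken from wav.c */
enum { INFO_OK = 0, INFO_TRUNCATED = -1, INFO_TOO_LONG = -2 };

/* RIFF stores chunk sizes as 32-bit little-endian values. */
static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Copy the text of the INFO sub-chunk (e.g. "ICRD", "ISFT") at buf[*off]
 * into out. The declared length comes from the file, so it is checked
 * against the bytes remaining and the destination size before copying. */
int read_info_text(const uint8_t *buf, size_t buflen, size_t *off,
                   char id[5], char out[INFO_TEXT_MAX])
{
    size_t pos = *off;
    if (pos > buflen || buflen - pos < 8)
        return INFO_TRUNCATED;          /* no room for id + size field */
    memcpy(id, buf + pos, 4);
    id[4] = '\0';
    uint32_t len = rd_le32(buf + pos + 4);
    pos += 8;
    if (len > buflen - pos)
        return INFO_TRUNCATED;          /* length runs past the data */
    if (len >= INFO_TEXT_MAX)
        return INFO_TOO_LONG;           /* no room for text plus NUL */

    memcpy(out, buf + pos, len);
    out[len] = '\0';
    pos += len;
    if ((len & 1) && pos < buflen)
        pos++;                          /* chunks are padded to even size */
    *off = pos;
    return INFO_OK;
}

int main(void)
{
    /* Constructed sample: one ISFT sub-chunk, 3 bytes of text + pad byte. */
    static const uint8_t sample[] = {'I','S','F','T', 3,0,0,0, 'S','o','X', 0};
    char id[5], out[INFO_TEXT_MAX];
    size_t off = 0;
    return read_info_text(sample, sizeof sample, &off, id, out) == INFO_OK ? 0 : 1;
}
```

On any error the offset is left unchanged, so a caller can reject the file or skip the chunk without having written anything to the text buffer.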