Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_desktop | 3.0 |
| conectiva | linux | 9.0 |
| redhat | fedora_core | core_1.0 |
| sox | sox | 12.17.3 |
| redhat | enterprise_linux | 3.0 |
| conectiva | linux | 10.0 |
| gentoo | linux | 1.4 |
| sox | sox | 12.17.2 |
| redhat | fedora_core | core_2.0 |
| conectiva | linux | 8.0 |
| sox | sox | 12.17.4 |