SoX: Multiple buffer overflows
Gentoo Linux Security Advisory
||GLSA 200407-23 / SoX
||July 30, 2004
||May 22, 2006: 02
All supported architectures
SoX contains two buffer overflow vulnerabilities in the WAV header parser
SoX is a command line utility that can convert various formats of
computer audio files in to other formats.
Ulf Harnhammar discovered two buffer overflows in the sox and play
commands when handling WAV files with specially crafted header fields.
By enticing a user to play or convert a specially crafted WAV file an
attacker could execute arbitrary code with the permissions of the user
There is no known workaround at this time. All users are encouraged to
upgrade to the latest available version of SoX.
All SoX users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge sync
# emerge -pv ">=media-sound/sox-12.17.4-r2"
# emerge ">=media-sound/sox-12.17.4-r2"