Home > Vulnerability Database > CVE-2004-0557

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2004-0557

Date: August 1, 2004

Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.

Severity Score

9.8

Related Resources (17)

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2004-0557

Url: http://www.securityfocus.com/bid/10819

Url: http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0014.html

Url: http://secunia.com/advisories/12175

Url: http://seclists.org/fulldisclosure/2004/Jul/1227.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2004-0557

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2004:076

Url: http://www.redhat.com/support/errata/RHSA-2004-409.html

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9801

Url: http://lwn.net/Articles/95530/

Url: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000855

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/16827

Url: http://lwn.net/Articles/95529/

Url: http://www.gentoo.org/security/en/glsa/glsa-200407-23.xml

Url: https://bugzilla.fedora.us/show_bug.cgi?id=1945

Url: http://www.debian.org/security/2004/dsa-565

Url: https://www.mend.io/vulnerability-database/CVE-2004-0557

Severity Score

9.8

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	10.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Do you need more information?

Contact Us