Bug 58116 (CVE-2004-0557)

Summary: VUL-0: CVE-2004-0557: SoX buffer overflows when handling .WAV files
Product: [Novell Products] SUSE Security Incidents Reporter: Ludwig Nussel <lnussel>
Component: IncidentsAssignee: Ludwig Nussel <lnussel>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: nadvornik, security-team
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: CVE-2004-0557: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: mail on vendor-sec
buffy.wav
sox.patch
sox.patch.box
sox.patch.maintained

Description Ludwig Nussel 2004-07-19 17:36:17 UTC 
Ulf Härnhammar has discovered buffer overflows in SoX. Attached is his mail on 
vendor-sec. The issue is not public yet. CAN-2004-0557
Comment 1 Ludwig Nussel 2004-07-19 17:37:09 UTC 
Created attachment 22255 [details]
mail on vendor-sec
Comment 2 Ludwig Nussel 2004-07-19 17:37:57 UTC 
Created attachment 22256 [details]
buffy.wav
Comment 3 Ludwig Nussel 2004-07-19 17:38:15 UTC 
Created attachment 22257 [details]
sox.patch
Comment 4 Ludwig Nussel 2004-07-19 18:05:54 UTC 
Created attachment 22259 [details]
sox.patch.box
Comment 5 Ludwig Nussel 2004-07-19 18:06:12 UTC 
Created attachment 22260 [details]
sox.patch.maintained
Comment 6 Vladimir Nadvornik 2004-07-19 21:42:01 UTC 
Packages are submitted
Comment 7 Ludwig Nussel 2004-07-26 21:24:45 UTC 
CRD 28.07.2004, 16:00 MEST
Comment 8 Ludwig Nussel 2004-07-29 00:47:56 UTC 
packages approved
Comment 9 Thomas Biege 2009-10-13 20:29:49 UTC 
CVE-2004-0557: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)