
Let's say that I have been sent some maliciously-crafted audio files by an attacker that use an unpatched security exploit somewhere in my system to compromise it. How can I reprocess the actual audio (or image, or text etc.) content of such a non-executable file to ensure that, regardless of whether or not the file is malicious, it is rendered safe?

For example, could this be done simply by opening the file in Audacity and exporting the audio in the same format?

2 Answers


There is a new and growing technology area called Content Disarm and Reconstruction (CDR). This does what you are asking for in general, however not all CDR solutions tackle all file types (like audio and video).

The idea is that the file is analysed and reconstructed to contain only the data and format, but nothing else. It's like a sanitised copy of the file.

I predict that CDR will become an important part of everyday security, but it is still in the "new and cutting edge" phase right now.

In the absence of a tool, you are looking to perform the same function on your own. How that works will depend entirely on the file type and what you need to extract. To do it safely, you can take the same approach as CDR tools: sandboxes and disposable VMs in case the malicious code was destined for your tools.

(full disclosure: I advise a CDR company)

schroeder
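As an added illustration of the "keep only the data and format, drop everything else" idea in the answer above (this is example code written for this page, not the code of any CDR product or of the answer's author): a minimal reconstruction pass for uncompressed PCM WAV files. It walks the RIFF chunk list with every declared size bounds-checked against the file length, accepts only a narrow validated subset of the `fmt ` fields, and then writes a brand-new file from those fields and the raw sample bytes, so no header byte and no metadata chunk from the original is ever copied through. The limits `MAX_CHANNELS` and `MAX_SAMPLE_RATE`, the function names, and the constructed sample file are assumptions of this example.

```python
"""Added example: CDR-style reconstruction of a PCM WAV file (not code from the page)."""
import struct

MAX_CHANNELS = 8            # assumption: reject anything beyond 7.1 layouts
MAX_SAMPLE_RATE = 384_000   # assumption: upper bound for a sane sample rate
ALLOWED_BITS = {8, 16, 24, 32}


class RejectedFile(ValueError):
    """The input does not fit the strict subset we are willing to rebuild."""


def iter_chunks(data: bytes):
    """Walk the RIFF chunk list, bounds-checking every declared chunk size."""
    pos = 12  # skip "RIFF" <size> "WAVE"
    while pos + 8 <= len(data):
        cid = data[pos:pos + 4]
        size = struct.unpack_from("<I", data, pos + 4)[0]
        start, end = pos + 8, pos + 8 + size
        if end > len(data):
            raise RejectedFile(f"chunk {cid!r} declares {size} bytes past end of file")
        yield cid, data[start:end]
        pos = end + (size & 1)  # chunk bodies are padded to an even length


def sanitize_wav(data: bytes) -> bytes:
    """Return a freshly built WAV holding only validated fmt fields and PCM data."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"WAVE":
        raise RejectedFile("not a RIFF/WAVE file")
    fmt = pcm = None
    for cid, body in iter_chunks(data):
        if cid == b"fmt " and fmt is None:
            if len(body) < 16:
                raise RejectedFile("fmt chunk too short")
            tag, ch, rate, byte_rate, align, bits = struct.unpack_from("<HHIIHH", body)
            if tag != 1:
                raise RejectedFile("only uncompressed PCM (format tag 1) is accepted")
            if not 1 <= ch <= MAX_CHANNELS or not 1 <= rate <= MAX_SAMPLE_RATE:
                raise RejectedFile("channel count or sample rate out of range")
            if bits not in ALLOWED_BITS or align != ch * bits // 8 or byte_rate != rate * align:
                raise RejectedFile("inconsistent fmt fields")
            fmt = (ch, rate, bits)
        elif cid == b"data" and pcm is None:
            pcm = body
        # Every other chunk (LIST/INFO tags, id3, cue, bext, unknown ids) is dropped.
    if fmt is None or pcm is None:
        raise RejectedFile("missing fmt or data chunk")
    ch, rate, bits = fmt
    align = ch * bits // 8
    pcm = pcm[: len(pcm) - len(pcm) % align]  # drop a trailing partial sample frame
    # Rebuild from scratch: the header is regenerated, never copied.
    fmt_chunk = struct.pack("<4sIHHIIHH", b"fmt ", 16, 1, ch, rate, rate * align, align, bits)
    data_chunk = struct.pack("<4sI", b"data", len(pcm)) + pcm + (b"\x00" if len(pcm) & 1 else b"")
    body = b"WAVE" + fmt_chunk + data_chunk
    return struct.pack("<4sI", b"RIFF", len(body)) + body


def build_sample() -> bytes:
    """Constructed input: a 16-bit mono WAV carrying an INFO list and an unknown chunk."""
    samples = struct.pack("<4h", 0, 1000, -1000, 0)
    fmt_chunk = struct.pack("<4sIHHIIHH", b"fmt ", 16, 1, 1, 8000, 16000, 2, 16)
    info = b"INFO" + b"ISFT" + struct.pack("<I", 8) + b"example\x00"
    list_chunk = struct.pack("<4sI", b"LIST", len(info)) + info
    data_chunk = struct.pack("<4sI", b"data", len(samples)) + samples
    junk_chunk = struct.pack("<4sI", b"junk", 5) + b"\xcc" * 5 + b"\x00"  # odd size plus pad byte
    body = b"WAVE" + fmt_chunk + list_chunk + data_chunk + junk_chunk
    return struct.pack("<4sI", b"RIFF", len(body)) + body


if __name__ == "__main__":
    original = build_sample()
    clean = sanitize_wav(original)
    print(len(original), "->", len(clean), "bytes; chunks kept:",
          [cid for cid, _ in iter_chunks(clean)])
```

Two design points worth noting. First, any file outside the accepted subset is rejected outright rather than "repaired", which is what makes the output predictable. Second, this code still parses untrusted input, so in line with the answer it belongs inside the sandbox or disposable VM, not on the host that will eventually play the cleaned file.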

It depends on the vulnerability.

You can most likely remove the exploit by re-encoding or repacking the audio data. However, to do so, you must take care not to use the vulnerable library to decode the audio data. So, you must make sure that Audacity (or ffmpeg, or whatever) does not use this library to decode your file before encoding it again. That means you must know that the file is malicious and which library it is targeting.

A common approach to work around this issue and limit the risks (without completely removing them) is to do this recoding work in an isolated process, usually in a process container, inside a VM. Clone the VM before starting the process then discard it afterwards, because it might have become compromised. QubesOS uses this approach to "clean up" PDFs.

A. Hersean