What is CVE-2012-0270?

CVE-2012-0270 is a vulnerability in Csounds Csound, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2014-02-17.

Is CVE-2012-0270 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Csounds Csound

CVE-2012-0270

Multiple stack-based buffer overflows in Csound before 5.16.6 allow remote attackers to execute arbitrary code via a crafted (1) hetro file to the getnum function in util/heti_main.c or (2) PVOC file to the getnum function in util/pv_impor…

Vulnerability class: Buffer Overflow

EPSS: 0.754 (98.9th percentile) — read the EPSS interpretation.

Affected products

Csounds Csound — versions 5.12.4, 5.13.0, 5.13.1
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

rapid7/metasploit-framework

References

PSIRT-CNA@flexerasoftware.com (x_refsource_MISC, Vendor Advisory)
47585 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
PSIRT-CNA@flexerasoftware.com (x_refsource_CONFIRM, Vendor Advisory)
openSUSE-SU-2012:0315 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2012:0370 (vendor-advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2012-0270?: CVE-2012-0270 is a vulnerability in Csounds Csound, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2014-02-17.
Is CVE-2012-0270 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.