Vulnerability in Csounds Csound
CVE-2012-2106
Integer overflow in the pv_import function in util/pv_import.c in Csound 5.16.6, when converting a file, allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow.
EPSS: 0.048 (89.7th percentile)
Affected products
- Csounds Csound — versions 5.16.6
Weakness classification (CWE)
References
- 48148 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (x_refsource_MISC, Vendor Advisory)
- 81016 (x_refsource_OSVDB, vdb-entry)
- csound-pvimportutility-bo(74647) (vdb-entry, x_refsource_XF)
- openSUSE-SU-2012:0550 (vendor-advisory, x_refsource_SUSE)
- [oss-security] 20120416 CVE Requests: Multiple security flaws in csound5 (mailing-list, x_refsource_MLIST)
- 52875 (vdb-entry, x_refsource_BID)
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (x_refsource_MISC)