Vulnerability in Csounds Csound
CVE-2012-2107
Integer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow.
EPSS: 0.051 (90.0th percentile)
Affected products
- Csounds Csound — versions 5.10, 5.10.1, 5.11