Buffer overflow in Csounds Csound

CVE-2012-2108

Stack-based buffer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted file.

Vulnerability class: Buffer Overflow

EPSS: 0.058 (90.7th percentile) — read the EPSS interpretation.

Affected products

Csounds Csound — versions 5.10, 5.10.1, 5.11
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

secalert@redhat.com (x_refsource_MISC)
48719 (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_MISC)
81015 (x_refsource_OSVDB, vdb-entry)
52876 (vdb-entry, x_refsource_BID)
csound-main-bo(74649) (vdb-entry, x_refsource_XF)
secalert@redhat.com (x_refsource_CONFIRM)
openSUSE-SU-2012:0550 (vendor-advisory, x_refsource_SUSE)
[oss-security] 20120416 CVE Requests: Multiple security flaws in csound5 (mailing-list, x_refsource_MLIST)
[oss-security] 20120416 Re: CVE Requests: Multiple security flaws in csound5 (mailing-list, x_refsource_MLIST)