CVE-2012-2106

Severity

93%

Complexity

86%

Confidentiality

165%

Integer overflow in the pv_import function in util/pv_import.c in Csound 5.16.6, when converting a file, allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow.

Integer overflow in the pv_import function in util/pv_import.c in Csound 5.16.6, when converting a file, allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

First reported 11 years ago

2014-02-04 21:55:00

Last updated 7 years ago

2017-08-29 01:31:00

Affected Software

csounds Csound 5.16.6

5.16.6

References

http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=commitdiff;h=61d1df45ca9a52bab62892a3c3a13c41e6384505#patch3

http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=commitdiff;h=7d617a9551fb6c552ba16874b71266fcd90f3a6f

openSUSE-SU-2012:0550

48148

Vendor Advisory

http://secunia.com/secunia_research/2012-7/

Vendor Advisory

[oss-security] 20120416 CVE Requests: Multiple security flaws in csound5

[oss-security] 20120416 Re: CVE Requests: Multiple security flaws in csound5

81016

52875

https://bugzilla.redhat.com/show_bug.cgi?id=810802

csound-pvimportutility-bo(74647)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.