CVE-2012-2107

Severity

93%

Complexity

86%

Confidentiality

165%

Integer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

Type

csounds Csound

First reported 11 years ago

2014-02-04 21:55:00

Last updated 7 years ago

2017-08-29 01:31:00

Affected Software

csounds Csound 5.10

5.10

csounds Csound 5.10.1

5.10.1

csounds Csound 5.11

5.11

csounds Csound 5.11.1

5.11.1

csounds Csound 5.12

5.12

csounds Csound 5.12.1

5.12.1

csounds Csound 5.12.3

5.12.3

csounds Csound 5.12.4

5.12.4

csounds Csound 5.13.0

5.13.0

csounds Csound 5.13.1

5.13.1

csounds Csound 5.14.0

5.14.0

csounds Csound 5.14.1

5.14.1

csounds Csound 5.14.2

5.14.2

csounds Csound 5.15.0

5.15.0

csounds Csound 5.16

5.16

csounds Csound 5.16.1

5.16.1

References

http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=commitdiff;h=61d1df45ca9a52bab62892a3c3a13c41e6384505#patch2

openSUSE-SU-2012:0550

48719

Vendor Advisory

http://secunia.com/secunia_research/2012-6/