CVE-2012-2106 - Numeric Errors vulnerability in Csounds Csound 5.16.6
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Integer overflow in the pv_import function in util/pv_import.c in Csound 5.16.6, when converting a file, allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2012-246.NASL |
description | specially crafted files could cause buffer overflows in csound |
last seen | 2020-06-05 |
modified | 2014-06-13 |
plugin id | 74608 |
published | 2014-06-13 |
reporter | This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/74608 |
title | openSUSE Security Update : csound (openSUSE-SU-2012:0550-1) |
References
- http://www.osvdb.org/81016
- http://www.securityfocus.com/bid/52875
- https://bugzilla.redhat.com/show_bug.cgi?id=810802
- http://www.openwall.com/lists/oss-security/2012/04/16/9
- http://www.openwall.com/lists/oss-security/2012/04/16/1
- http://secunia.com/advisories/48148
- http://secunia.com/secunia_research/2012-7/
- http://lists.opensuse.org/opensuse-updates/2012-04/msg00057.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74647
- http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git%3Ba=commitdiff%3Bh=61d1df45ca9a52bab62892a3c3a13c41e6384505#patch3
- http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git%3Ba=commitdiff%3Bh=7d617a9551fb6c552ba16874b71266fcd90f3a6f