CVE-2012-2106 - Integer overflow in the pv_import function in util/pv_import.c in Csound 5.16.6, when converting a f

CVE-2012-2106

Summary

Integer overflow in the pv_import function in util/pv_import.c in Csound 5.16.6, when converting a file, allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow.

References

Vulnerable Configurations

cpe:2.3:a:csounds:csound:5.16.6:*:*:*:*:*:*:*
cpe:2.3:a:csounds:csound:5.16.6:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 13-02-2023 - 04:33)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	52875
confirm	http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=commitdiff;h=61d1df45ca9a52bab62892a3c3a13c41e6384505#patch3 http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=commitdiff;h=7d617a9551fb6c552ba16874b71266fcd90f3a6f
misc	http://secunia.com/secunia_research/2012-7/ https://bugzilla.redhat.com/show_bug.cgi?id=810802
mlist	[oss-security] 20120416 CVE Requests: Multiple security flaws in csound5 [oss-security] 20120416 Re: CVE Requests: Multiple security flaws in csound5
osvdb	81016
secunia	48148
suse	openSUSE-SU-2012:0550
xf	csound-pvimportutility-bo(74647)

Last major update

13-02-2023 - 04:33

Published

04-02-2014 - 21:55

Last modified

13-02-2023 - 04:33