CVE-2012-2107
Published 2014-02-04
Priority P343 · critical · 9.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 6.69% (93.1th percentile)
Integer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| csounds | csound | <= 5.17 | — |
| csounds | csound | — | — |
| csounds | csound | — | — |
| csounds | csound | — | — |
| csounds | csound | — | — |
| csounds | csound | — | — |
| csounds | csound | — | — |
| csounds | csound | — | — |
| csounds | csound | — | — |
| csounds | csound | — | — |
| csounds | csound | — | — |
| csounds | csound | — | — |
| csounds | csound | — | — |
| csounds | csound | — | — |
| csounds | csound | — | — |
| csounds | csound | — | — |
| csounds | csound | — | — |
| csounds | csound | >= 0 < 1:5.17.6~dfsg-1 | 1:5.17.6~dfsg-1 |
| csounds | csound | >= 0 < 1:5.17.6~dfsg-1 | 1:5.17.6~dfsg-1 |
| csounds | csound | >= 0 < 1:5.17.6~dfsg-1 | 1:5.17.6~dfsg-1 |
| csounds | csound | >= 0 < 1:5.17.6~dfsg-1 | 1:5.17.6~dfsg-1 |
| debian | csound | < csound 1:5.17.6~dfsg-1 (bookworm) | csound 1:5.17.6~dfsg-1 (bookworm) |
CVSS provenance
nvd · v2.0 · 9.3 · CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
osv · 9.3 · CRITICAL
vendor_debian · 9.3 · CRITICAL
Debian
vendor_debian·2012·CVSS 9.3
CVE-2012-2107 [CRITICAL] CVE-2012-2107: csound - Integer overflow in the main function in util/lpci_main.c in Csound before 5.17....
Scope: local
bookworm: resolved (fixed in 1:5.17.6~dfsg-1)
bullseye: resolved (fixed in 1:5.17.6~dfsg-1)
forky: resolved (fixed in 1:5.17.6~dfsg-1)
sid: resolved (fixed in 1:5.17.6~dfsg-1)
trixie: resolved (fixed in 1:5.17.6~dfsg-1)
GHSA
ghsa_unreviewed·2022-05-17
CVE-2012-2107 [HIGH] GHSA-842p-4wmq-65x7: Integer overflow in the main function in util/lpci_main
OSV
osv·2014-02-04·CVSS 9.3
CVE-2012-2107 [CRITICAL] CVE-2012-2107: Integer overflow in the main function in util/lpci_main
No detection rules found.
No public exploits indexed.
References
http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git%3Ba=commitdiff%3Bh=61d1df45ca9a52bab62892a3c3a13c41e6384505#patch2
http://lists.opensuse.org/opensuse-updates/2012-04/msg00057.html
http://secunia.com/advisories/48719
http://secunia.com/secunia_research/2012-6/
http://www.openwall.com/lists/oss-security/2012/04/16/1
http://www.openwall.com/lists/oss-security/2012/04/16/9
http://www.osvdb.org/81015
http://www.securityfocus.com/bid/52876
https://bugzilla.redhat.com/show_bug.cgi?id=810807
https://exchange.xforce.ibmcloud.com/vulnerabilities/74650
Published: 2014-02-04