CVE-2012-2108
Published 2014-02-04
Priority P3 | 40 | critical | 9.3 CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 6.60% (93.0th percentile)
Stack-based buffer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted file.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| csounds | csound | <= 5.17 | — |
| csounds | csound | — | — |
| csounds | csound | — | — |
| csounds | csound | — | — |
| csounds | csound | — | — |
| csounds | csound | — | — |
| csounds | csound | — | — |
| csounds | csound | — | — |
| csounds | csound | — | — |
| csounds | csound | — | — |
| csounds | csound | — | — |
| csounds | csound | — | — |
| csounds | csound | — | — |
| csounds | csound | — | — |
| csounds | csound | — | — |
| csounds | csound | — | — |
| csounds | csound | — | — |
| csounds | csound | >= 0 < 1:5.17.6~dfsg-1 | 1:5.17.6~dfsg-1 |
| csounds | csound | >= 0 < 1:5.17.6~dfsg-1 | 1:5.17.6~dfsg-1 |
| csounds | csound | >= 0 < 1:5.17.6~dfsg-1 | 1:5.17.6~dfsg-1 |
| csounds | csound | >= 0 < 1:5.17.6~dfsg-1 | 1:5.17.6~dfsg-1 |
| debian | csound | < csound 1:5.17.6~dfsg-1 (bookworm) | csound 1:5.17.6~dfsg-1 (bookworm) |
CVSS provenance
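| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| osv | — | 9.3 | CRITICAL | — |
| vendor_debian | — | 9.3 | LOW | — |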
GHSA
GHSA-2vq6-f897-g2gx: Stack-based buffer overflow in the main function in util/lpci_main
ghsa_unreviewed·2022-05-17
CVE-2012-2108 [HIGH] CWE-119 GHSA-2vq6-f897-g2gx: Stack-based buffer overflow in the main function in util/lpci_main
OSV
CVE-2012-2108: Stack-based buffer overflow in the main function in util/lpci_main
osv·2014-02-04·CVSS 9.3
CVE-2012-2108 [CRITICAL] CVE-2012-2108: Stack-based buffer overflow in the main function in util/lpci_main
Debian
CVE-2012-2108: csound - Stack-based buffer overflow in the main function in util/lpci_main.c in Csound b...
vendor_debian·2012·CVSS 9.3
CVE-2012-2108 [CRITICAL] CVE-2012-2108: csound - Stack-based buffer overflow in the main function in util/lpci_main.c in Csound b...
Scope: local
bookworm: resolved (fixed in 1:5.17.6~dfsg-1)
bullseye: resolved (fixed in 1:5.17.6~dfsg-1)
forky: resolved (fixed in 1:5.17.6~dfsg-1)
sid: resolved (fixed in 1:5.17.6~dfsg-1)
trixie: resolved (fixed in 1:5.17.6~dfsg-1)
No detection rules found.
No public exploits indexed.
http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git%3Ba=commitdiff%3Bh=61d1df45ca9a52bab62892a3c3a13c41e6384505
http://lists.opensuse.org/opensuse-updates/2012-04/msg00057.html
http://secunia.com/advisories/48719
http://secunia.com/secunia_research/2012-4/
http://www.openwall.com/lists/oss-security/2012/04/16/1
http://www.openwall.com/lists/oss-security/2012/04/16/9
http://www.osvdb.org/81015
http://www.securityfocus.com/bid/52876
https://bugzilla.redhat.com/show_bug.cgi?id=810810
https://exchange.xforce.ibmcloud.com/vulnerabilities/74649
Published: 2014-02-04