MidnightBSD

Advisories for csounds

CVE-2012-2106 HIGH

Integer overflow in the pv_import function in util/pv_import.c in Csound 5.16.6, when converting a file, allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
csounds csound 5.16.6
CVE-2012-2107 HIGH

Integer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
csounds csound 5.10
csounds csound 5.12.4
csounds csound 5.10.1
csounds csound 5.12.3
csounds csound 5.14.1
csounds csound 5.16
csounds csound 5.11
csounds csound 5.14.2
csounds csound 5.15.0
csounds csound 5.16.1
csounds csound 5.14.0
csounds csound 5.12
csounds csound 5.12.1
csounds csound *
csounds csound 5.13.0
csounds csound 5.13.1
csounds csound 5.11.1
CVE-2012-2108 HIGH

Stack-based buffer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
csounds csound 5.10
csounds csound 5.12.4
csounds csound 5.10.1
csounds csound 5.12.3
csounds csound 5.14.1
csounds csound 5.16
csounds csound 5.11
csounds csound 5.14.2
csounds csound 5.15.0
csounds csound 5.16.1
csounds csound 5.14.0
csounds csound 5.12
csounds csound 5.12.1
csounds csound *
csounds csound 5.13.0
csounds csound 5.13.1
csounds csound 5.11.1