4 matches found
CVE-2012-0270
CVE-2012-0270 affects Csound prior to 5.16.6, caused by stack-based buffer overflows in getnum() (util/heti_main.c and util/pv_import.c). Exploitation via specially crafted hetro and pvoc files can lead to remote code execution. Remediation: upgrade to Csound 5.16.6 or later; patches referenced i...
CVE-2012-2108
Csound (affected component: util/lpci_main.c in the core for file conversion) has a stack-based buffer overflow in the main function, exploitable by crafting a file to cause remote code execution. This occurs in versions before 5.17.2. Remediation in documented contexts includes upgrading to a fi...
CVE-2012-2107
Csound prior to 5.17.2 suffers an integer overflow in util/lpci_main.c during file conversion, triggering a heap-based buffer overflow that could allow remote code execution. This is documented across multiple sources (SUSE/OpenSUSE, Ubuntu, Debian osv, etc.). Affected version: Csound
CVE-2012-2106
CVE-2012-2106 affects Csound 5.16.6, where an integer overflow in pv_import.c during file conversion enables a heap-based buffer overflow that could allow remote code execution. Several advisories reference the same issue and market it as a remote vulnerability (exploitable via crafted files). Re...