CVE-2012-0270
Severity CVSS v4.0:
Pending analysis
Type:
CWE-119
Buffer Errors
Publication date:
17/02/2014
Last modified:
11/04/2025
Description
Multiple stack-based buffer overflows in Csound before 5.16.6 allow remote attackers to execute arbitrary code via a crafted (1) hetro file to the getnum function in util/heti_main.c or (2) PVOC file to the getnum function in util/pv_import.c.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:csounds:csound:*:*:*:*:*:*:*:* | 5.16.1 (including) | |
| cpe:2.3:a:csounds:csound:5.12.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:csounds:csound:5.13.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:csounds:csound:5.13.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:csounds:csound:5.14.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:csounds:csound:5.14.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:csounds:csound:5.14.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:csounds:csound:5.15.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:csounds:csound:5.16:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00027.html
- http://lists.opensuse.org/opensuse-updates/2012-03/msg00027.html
- http://secunia.com/advisories/47585
- http://secunia.com/secunia_research/2012-3/
- http://sourceforge.net/projects/csound/files/csound5/csound5.16/Version5.16_Notes/view
- http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00027.html
- http://lists.opensuse.org/opensuse-updates/2012-03/msg00027.html
- http://secunia.com/advisories/47585
- http://secunia.com/secunia_research/2012-3/
- http://sourceforge.net/projects/csound/files/csound5/csound5.16/Version5.16_Notes/view