CVE-2012-0270

Name of the Vulnerable Software and Affected Versions Csound versions prior to 5.16.6

Description The issue is related to multiple stack-based buffer overflows. These overflows can be triggered by remote attackers using crafted files. Specifically, the getnum function in util/heti main.c and util/pv import.c is vulnerable when processing certain file types, including hetro and PVOC files. This can lead to the execution of arbitrary code.

Recommendations For versions prior to 5.16.6, update to version 5.16.6 or later to resolve the issue. As a temporary workaround, consider restricting the processing of hetro and PVOC files until the update is applied. Avoid using the getnum function in util/heti main.c and util/pv import.c for handling untrusted input.