PT-2014-2238 · Csound · Csound
Huzaifa S. Sidhpurwala
·
Publicado
2014-02-04
·
Atualizado
2024-06-15
·
CVE-2012-2106
CVSS v2.0
9.3
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Csound versions prior to 5.16.6
Description
The issue is related to an integer overflow in the
pv import function, located in util/lpv import.c, which occurs when converting a file. This allows remote attackers to execute arbitrary code through a crafted file, resulting in a heap-based buffer overflow.Recommendations
For versions prior to 5.16.6, update to version 5.16.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the
pv import function in util/lpv import.c to minimize the risk of exploitation. Avoid using the pv import function with untrusted input files until the issue is resolved.Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Csound