CVE-2012-0270

Multiple stack-based buffer overflows in Csound before 5.16.6 allow remote attackers to execute arbitrary code via a crafted (1) hetro file to the getnum function in util/heti_main.c or (2) PVOC file to the getnum function in util/pv_import.c.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
flexeraCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
csoundscsound
𝑥
≤ 5.16.1
csoundscsound
5.12.4
csoundscsound
5.13.0
csoundscsound
5.13.1
csoundscsound
5.14.0
csoundscsound
5.14.1
csoundscsound
5.14.2
csoundscsound
5.15.0
csoundscsound
5.16
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
csound
bullseye
1:6.14.0~dfsg-6
fixed
squeeze
no-dsa
bookworm
1:6.18.1+dfsg-1
fixed
sid
1:6.18.1+dfsg-3
fixed
trixie
1:6.18.1+dfsg-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
csound
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
ignored
natty
ignored
maverick
ignored
lucid
ignored
hardy
ignored
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00027.html
http://lists.opensuse.org/opensuse-updates/2012-03/msg00027.html
http://secunia.com/advisories/47585
http://secunia.com/secunia_research/2012-3/
http://sourceforge.net/projects/csound/files/csound5/csound5.16/Version5.16_Notes/view
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00027.html
http://lists.opensuse.org/opensuse-updates/2012-03/msg00027.html
http://secunia.com/advisories/47585
http://secunia.com/secunia_research/2012-3/
http://sourceforge.net/projects/csound/files/csound5/csound5.16/Version5.16_Notes/view