BID:52875

Csound 'pv_import()' Remote Integer Overflow Vulnerability

Info

Csound 'pv_import()' Remote Integer Overflow Vulnerability

Bugtraq ID:	52875
Class:	Boundary Condition Error
CVE:	CVE-2012-2106
Remote:	Yes
Local:	No
Published:	Apr 04 2012 12:00AM
Updated:	Feb 05 2014 04:54PM
Credit:	Secunia Research
Vulnerable:	Csound Csound 5.16.6

Not Vulnerable:

Discussion

Csound 'pv_import()' Remote Integer Overflow Vulnerability

Csound is prone to an integer-overflow vulnerability.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary code in the context of an affected application. Failed attempts will likely result in denial-of-service conditions.

Csound 5.16.6 is vulnerable; other versions may also be affected.

Exploit / POC

Csound 'pv_import()' Remote Integer Overflow Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Csound 'pv_import()' Remote Integer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

Csound 'pv_import()' Remote Integer Overflow Vulnerability

References:

Csound Homepage (Csound)
Secunia Research: Csound pv_import Integer Overflow Vulnerability (Secunia Research)