Csound 'main()' Stack Based Buffer Overflow And Integer-overflow Vulnerabilities

Bugtraq ID:	52876
Class:	Boundary Condition Error
CVE:	CVE-2012-2107
Remote:	Yes
Local:	No
Published:	Apr 04 2012 12:00AM
Updated:	Feb 05 2014 04:54PM
Credit:	Secunia Research
Vulnerable:	Csound Csound 5.16.6
Not Vulnerable:	Csound Csound 5.17.2

Csound 'main()' Stack Based Buffer Overflow And Integer-overflow Vulnerabilities

Csound is prone to the following vulnerabilities:

1. A stack-based buffer-overflow vulnerability
2. An integer-overflow vulnerability

An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed attacks will cause denial-of-service conditions.

Csound 5.16.6 is vulnerable; other versions may also be affected.

Csound 'main()' Stack Based Buffer Overflow And Integer-overflow Vulnerabilities

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Csound 'main()' Stack Based Buffer Overflow And Integer-overflow Vulnerabilities

Solution:
Updates are available. Please see the references for more information.

Csound 'main()' Stack Based Buffer Overflow And Integer-overflow Vulnerabilities

References:

• Csound Homepage (Csound)
  
• Secunia Research: Csound lpci_import Buffer Overflow Vulnerability (Secunia Research)
  
• Secunia Research: Csound lpci_import Integer Overflow Vulnerability (Secunia Research)