Unrated severityNVD Advisory· Published Feb 4, 2014· Updated Apr 29, 2026
CVE-2012-2107
CVE-2012-2107
Description
Integer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow.
Affected products
17cpe:2.3:a:csounds:csound:*:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:csounds:csound:*:*:*:*:*:*:*:*range: <=5.17
- cpe:2.3:a:csounds:csound:5.10:*:*:*:*:*:*:*
- cpe:2.3:a:csounds:csound:5.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:csounds:csound:5.11:*:*:*:*:*:*:*
- cpe:2.3:a:csounds:csound:5.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:csounds:csound:5.12:*:*:*:*:*:*:*
- cpe:2.3:a:csounds:csound:5.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:csounds:csound:5.12.3:*:*:*:*:*:*:*
- cpe:2.3:a:csounds:csound:5.12.4:*:*:*:*:*:*:*
- cpe:2.3:a:csounds:csound:5.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:csounds:csound:5.13.1:*:*:*:*:*:*:*
- cpe:2.3:a:csounds:csound:5.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:csounds:csound:5.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:csounds:csound:5.14.2:*:*:*:*:*:*:*
- cpe:2.3:a:csounds:csound:5.15.0:*:*:*:*:*:*:*
- cpe:2.3:a:csounds:csound:5.16:*:*:*:*:*:*:*
- cpe:2.3:a:csounds:csound:5.16.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- secunia.com/advisories/48719nvdVendor Advisory
- secunia.com/secunia_research/2012-6/nvdVendor Advisory
- csound.git.sourceforge.net/git/gitweb.cginvd
- lists.opensuse.org/opensuse-updates/2012-04/msg00057.htmlnvd
- www.openwall.com/lists/oss-security/2012/04/16/1nvd
- www.openwall.com/lists/oss-security/2012/04/16/9nvd
- www.osvdb.org/81015nvd
- www.securityfocus.com/bid/52876nvd
- bugzilla.redhat.com/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/74650nvd
News mentions
0No linked articles in our index yet.