Description: Untrusted search path vulnerability in the (1) "VST plugin with Python scripting" and (2) "VST plugin for writing score generators in Python" in Csound 5.08.2, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 504359

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| csound (PTS) | bullseye | 1:6.14.0~dfsg-6 | fixed |
| | sid, trixie | 1:6.18.1+dfsg-2 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| csound | source | etch | (not affected) | | | |


[etch] - csound <not-affected> (Vulnerable code not present)
