CVE-2012-0270

NameCVE-2012-0270
DescriptionMultiple stack-based buffer overflows in Csound before 5.16.6 allow remote attackers to execute arbitrary code via a crafted (1) hetro file to the getnum function in util/heti_main.c or (2) PVOC file to the getnum function in util/pv_import.c.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs661197

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
csound (PTS)bullseye1:6.14.0~dfsg-6fixed
bookworm1:6.18.1+dfsg-1fixed
trixie1:6.18.1+dfsg-4fixed
forky, sid1:6.18.1+dfsg-6fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
csoundsource(unstable)1:5.16.6~dfsg-1low661197

Notes

[squeeze] - csound <no-dsa> (Minor issue)
http://secunia.com/secunia_research/2012-3/
http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=commitdiff;h=7d617a9551fb6c552ba16874b71266fcd90f3a6f
Search for package or bug name: Reporting problems