Csounds: Security Vulnerabilities
Multiple stack-based buffer overflows in Csound before 5.16.6 allow remote attackers to execute arbitrary code via a crafted (1) hetro file to the getnum function in util/heti_main.c or (2) PVOC file to the getnum function in util/pv_import.c.
CVSS Score
7.5
EPSS Score
0.754
Published
2014-02-17
Integer overflow in the pv_import function in util/pv_import.c in Csound 5.16.6, when converting a file, allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow.
CVSS Score
9.3
EPSS Score
0.048
Published
2014-02-04
Integer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow.
CVSS Score
9.3
EPSS Score
0.051
Published
2014-02-04
Stack-based buffer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted file.
CVSS Score
9.3
EPSS Score
0.058
Published
2014-02-04