CVE-2012-2106 - Vulnerability Details - OpenCVE

Integer overflow in the pv_import function in util/pv_import.c in Csound 5.16.6, when converting a file, allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.05607.

Key SSVC decision points have not yet been added.

Vendors	Products
Csounds	Csound

Configuration 1 [-]

cpe:2.3:a:csounds:csound:5.16.6:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git%3Ba=commitdiff%3Bh=61d1df45ca9a52bab62892a3c3a13c41e6384505#patch3
http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git%3Ba=commitdiff%3Bh=7d617a9551fb6c552ba16874b71266fcd90f3a6f
http://lists.opensuse.org/opensuse-updates/2012-04/msg00057.html
http://secunia.com/advisories/48148
http://secunia.com/secunia_research/2012-7/
http://www.openwall.com/lists/oss-security/2012/04/16/1
http://www.openwall.com/lists/oss-security/2012/04/16/9
http://www.osvdb.org/81016
http://www.securityfocus.com/bid/52875
https://bugzilla.redhat.com/show_bug.cgi?id=810802
https://exchange.xforce.ibmcloud.com/vulnerabilities/74647

History

Tue, 15 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.07101}`	epss `{'score': 0.05607}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-02-04T18:00:00

Updated: 2024-08-06T19:26:08.925Z

Reserved: 2012-04-04T00:00:00

Link: CVE-2012-2106

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-02-04T21:55:07.873

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-2106

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-04-04T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in the pv_import function in util/pv_import.c in Csound 5.16.6, when converting a file, allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "48148", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48148"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git%3Ba=commitdiff%3Bh=61d1df45ca9a52bab62892a3c3a13c41e6384505#patch3"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2012-7/"}, {"name": "81016", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/81016"}, {"name": "csound-pvimportutility-bo(74647)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74647"}, {"name": "openSUSE-SU-2012:0550", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00057.html"}, {"name": "[oss-security] 20120416 CVE Requests: Multiple security flaws in csound5", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/04/16/1"}, {"name": "52875", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/52875"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git%3Ba=commitdiff%3Bh=7d617a9551fb6c552ba16874b71266fcd90f3a6f"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810802"}, {"name": "[oss-security] 20120416 Re: CVE Requests: Multiple security flaws in csound5", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/04/16/9"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:26:08.925Z"}, "title": "CVE Program Container", "references": [{"name": "48148", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/48148"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git%3Ba=commitdiff%3Bh=61d1df45ca9a52bab62892a3c3a13c41e6384505#patch3"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://secunia.com/secunia_research/2012-7/"}, {"name": "81016", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/81016"}, {"name": "csound-pvimportutility-bo(74647)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74647"}, {"name": "openSUSE-SU-2012:0550", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00057.html"}, {"name": "[oss-security] 20120416 CVE Requests: Multiple security flaws in csound5", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/04/16/1"}, {"name": "52875", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/52875"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git%3Ba=commitdiff%3Bh=7d617a9551fb6c552ba16874b71266fcd90f3a6f"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810802"}, {"name": "[oss-security] 20120416 Re: CVE Requests: Multiple security flaws in csound5", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/04/16/9"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2106", "datePublished": "2014-02-04T18:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:08.925Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:csounds:csound:5.16.6:*:*:*:*:*:*:*", "matchCriteriaId": "77A14E81-BA8B-49F1-B38E-60A14E7C88B3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in the pv_import function in util/pv_import.c in Csound 5.16.6, when converting a file, allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow."}, {"lang": "es", "value": "Desbordamiento de enteros en la funci\u00f3n pv_import de util/lpv_import.c en Csound anterior a 5.16.6, cuando convierte un archivo, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo manipulado, lo que provoca un desbordamiento basado en memoria din\u00e1mica."}], "id": "CVE-2012-2106", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-02-04T21:55:07.873", "references": [{"source": "secalert@redhat.com", "url": "http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git%3Ba=commitdiff%3Bh=61d1df45ca9a52bab62892a3c3a13c41e6384505#patch3"}, {"source": "secalert@redhat.com", "url": "http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git%3Ba=commitdiff%3Bh=7d617a9551fb6c552ba16874b71266fcd90f3a6f"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00057.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/48148"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/secunia_research/2012-7/"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/04/16/1"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/04/16/9"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/81016"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/52875"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810802"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74647"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git%3Ba=commitdiff%3Bh=61d1df45ca9a52bab62892a3c3a13c41e6384505#patch3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git%3Ba=commitdiff%3Bh=7d617a9551fb6c552ba16874b71266fcd90f3a6f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00057.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/48148"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/secunia_research/2012-7/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/04/16/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/04/16/9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/81016"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52875"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810802"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74647"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}